recent work

Sony playstation – has there been a data breach?

The BBC has today reported of the potential extent of the Sony Playstation Network hack, and that credit card details may have been amongst the possible stolen personal information.

The company has said that the data might have fallen into the hands of an “unauthorised person” following a hacking attack on its online service.

The network went down last Wednesday 20th April, however people were not informed of the details as to why until today.

Access to the network was suspended last Wednesday, but Sony has only now revealed details of what happened.

In a statement posted on the official PlayStation blog, Nick Caplin, the company’s head of communications for Europe, said: “We have discovered that between April 17 and April 19 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network”.

The blog posting lists the personal information that Sony believes has been taken.
• Name
• Address (city, state/province, zip or postal code)
• Country
• E-mail address
• Date of birth
• PlayStation Network/Qriocity passwords and login
• Handle/PSN online ID

Mr Caplin added: “It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.

“For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information.”

Sony also admitted that there was a chance that credit card information was also stolen.

“While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility,” Mr Caplin said.

“If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained.”

The UK’s information commissioner of the ICO, Christopher Graham told BBC Radio 4’s “You and Yours” programme, that it looked like “a very significant breach of data protection law”. The Information Commissioner’s Office (ICO) has the power to impose fines of up to £500,000.

He added: “We are already investigating what looks like a very significant breach of data protection law.”

The ability to fine Sony lies in whether the data in the Playstation Network was stored in the UK or not – fines can only be issued by the ICO if stored in the UK.

“It if turns out that it is our responsibility here in the UK, we would ask ‘were the security measures appropriate’,” he added.

To read the article in full, go to http://www.bbc.co.uk/news/technology-13192359 now.