Friday, April 29, 2011

PSNightmare Update

Rumors have recently sprouted that the hacker(s) were ballsy enough to try to sell the database of compromised personal information back to Sony for a price, and that Sony declined. Sony's CEO denies ever receiving such an offer, but points out that the hackers claim the database contains everything from names, addresses, and phone numbers to credit card numbers and their security codes. The problem with that claim is that while all the other personal information was foolishly stored as plain text, all credit card data was kept in a completely separate, encrypted table, and the card security codes were never stored at all. I'd have to side with Sony and say the hackers are lying: Sony would only be providing the nails for its own coffin if it were later uncovered that it had lied.

Which brings me to my next point. PSN users, lawmakers, and government representatives alike are in an uproar over how long it took Sony to finally announce that sensitive data had been compromised, but it's not exactly as it appears. Sony obviously wouldn't claim there had been a data leak until it knew for sure there was one, and as it stated the day before, it was working with a recognized security firm to verify exactly what had happened and what data, if any, had been accessed and exported. Once that was confirmed and the scope of the attack was a bit better defined, the announcement came promptly. That's not to say the lawsuits and class actions that have already popped up are bogus, just that the claim that Sony withheld critical information for so long might be a bit of a stretch. The class action further claims that Sony "failed to take reasonable care to protect, encrypt, and secure the private and sensitive data of its users which led to the intrusion." Quite a number of people have already reported credit fraud that they attribute to the Sony breach.

Sony is rebuilding a new, more secure PSN infrastructure, but it will probably be days yet before PSN is restored. I would assume that once the network is back online, everyone will be required to resubmit their information: obviously because of the leak, but also so that it can be stored encrypted or hashed this time instead of in plain text... I HOPE. LoL~! Sony is evaluating options for reimbursement and compensation for all PSN users, as well as credit for subscription-based MMOs such as DCU. The FBI, DHS, and the "recognized security firm" are assisting Sony in the investigation to uncover the parties responsible for the attack, and Sony says PSN will be back online once it is confident the network is secure.
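The storage layout described above, personal data in one table beside a separate encrypted card table with the security code never persisted, and passwords hashed rather than stored in plain text, is easy to get wrong, so here it is as code. This is an added example for this post, not Sony's code or anything from the page; the two-table `AccountStore` class, the `leaks` dump-scanner and the sample account are all hypothetical, and the HMAC-SHA256 counter-mode cipher is a stand-in that keeps the block on the standard library where a real deployment would use AES-GCM from a vetted library with the key held in a KMS or HSM.

```python
"""Two tables: profiles (PII + salted password hash) and cards (ciphertext only).
The card security code is used once for authorization and never written.

Added example, not Sony's code. The HMAC-SHA256 counter-mode cipher is a
stand-in so the block runs on the standard library; use AES-GCM in production."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000   # order of magnitude OWASP recommends for PBKDF2-HMAC-SHA256


def hash_password(password, salt=None):
    """Return (salt, digest); a dumped table yields these, not the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def _subkeys(master_key):
    """Derive independent encryption and MAC keys from one master key."""
    enc = hmac.new(master_key, b"pan-encrypt", hashlib.sha256).digest()
    mac = hmac.new(master_key, b"pan-authenticate", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key, nonce, length):
    """PRF (HMAC-SHA256) in counter mode; a nonce is used once per key."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_pan(master_key, pan):
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(master_key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(pan.encode(), _keystream(enc_key, nonce, len(pan))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_pan(master_key, blob):
    """Verify the tag first; a modified record or wrong key is rejected."""
    enc_key, mac_key = _subkeys(master_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("card record tampered with or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()


class AccountStore:
    """Hypothetical store with the profile table and card table kept apart."""

    def __init__(self, card_master_key):
        self.profiles = {}
        self.cards = {}
        self._card_key = card_master_key   # would live in a KMS, never beside the data

    def register(self, user_id, name, email, password):
        salt, digest = hash_password(password)
        self.profiles[user_id] = {"name": name, "email": email,
                                  "pw_salt": salt, "pw_hash": digest}

    def verify_login(self, user_id, password):
        row = self.profiles.get(user_id)
        if row is None:
            return False
        _, digest = hash_password(password, row["pw_salt"])
        return hmac.compare_digest(digest, row["pw_hash"])

    def add_card(self, user_id, pan, expiry, cvv):
        """The CVV goes to the one-time authorization (simulated) and is then dropped."""
        if not (len(cvv) in (3, 4) and cvv.isdigit()):   # stand-in for the processor call
            raise ValueError("authorization failed")
        self.cards[user_id] = {"pan_ct": encrypt_pan(self._card_key, pan),
                               "last4": pan[-4:], "expiry": expiry}

    def reveal_pan(self, user_id):
        return decrypt_pan(self._card_key, self.cards[user_id]["pan_ct"])

    def leaks(self, secret):
        """What a dump of both tables would reveal: True if `secret` appears verbatim."""
        needle = secret.encode()
        for table in (self.profiles, self.cards):
            for row in table.values():
                for value in row.values():
                    data = value if isinstance(value, bytes) else str(value).encode()
                    if needle in data:
                        return True
        return False


if __name__ == "__main__":
    # Constructed sample account, not real data.
    store = AccountStore(os.urandom(32))
    store.register("u1", "Alice", "alice@example.com", "correct horse battery")
    store.add_card("u1", "4111111111111111", "12/26", cvv="123")
    print("password in dump:", store.leaks("correct horse battery"))
    print("PAN in dump:", store.leaks("4111111111111111"))
    print("CVV in dump:", store.leaks("123"))
```

The `leaks` scan is the check worth keeping around: run it against a serialized copy of the tables in a test and it fails the moment someone adds a column that quietly persists the security code or the raw card number.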

Neither GeoHot nor the Anonymous hacker collective is claiming responsibility for the alleged attacks. You have to wonder what scamming, phishing, and similar attempts will pop up in the future from the combined leaks of the Gawker network, Rootkit, and now Sony's PSN. That's an impressive amount of personal data to draw on for targeted attacks.

"I am deeply troubled by this latest data breach. It reinforces my long-held belief that much more needs to be done to protect sensitive consumer information," Rep. Mary Bono Mack, R-Calif., chairwoman of the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade, said in a statement. "Most importantly, Americans should be quickly informed when their personal information has been hacked, especially in instances like this where there is an obvious potential for large scale identity theft." Bono Mack said she will be introducing legislation, possibly as soon as next week, that would provide consumers with additional safeguards to protect against such data breaches.
Rep. Bobby Rush, D-Ill., who also sits on Energy and Commerce and chaired Bono Mack's subcommittee in the last Congress, said he plans to reintroduce a data breach bill he offered before. The bill, which passed the House, would have required for-profit entities that hold personal information about consumers to adequately secure the data and notify the Federal Trade Commission and the affected consumers when a breach occurs.
"Sony touts its PlayStation platform's real-time and networking capabilities to consumers," Rush said in a statement. "The laws of this country should call, similarly, for consumers to be notified in as close to real-time as possible--not according to Sony time--whenever their sensitive information falls into the hands of intruders, hackers, thieves and information resellers."
"The FBI is aware of the reports concerning the alleged intrusion into the Sony online game server and we have been in contact with Sony concerning this matter," said FBI special agent Darrell Foxworth. "We are presently reviewing the available information in an effort to determine the facts and circumstances concerning this alleged criminal activity."
Meanwhile attorneys general from 22 states are demanding answers from Sony over the breach, asking why it took the company so long to alert customers to the attack.
"The Department of Homeland Security is aware of the recent cyber intrusion to Sony's PlayStation Network and Qriocity music service," DHS spokesman Chris Ortman said. "DHS' U.S. Computer Emergency Readiness Team is working with law enforcement, international partners and Sony to assess the situation."
Connecticut's own attorney general sent a letter to Sony Computer Entertainment of America President and CEO Jack Tretton on Wednesday. The letter demanded answers to a number of questions including what data was stolen, who was responsible, how long the company knew and what was being done to make sure it doesn't happen again.
"The fact that sensitive information was apparently accessed without authorization makes me especially concerned about the possibility of financial fraud and targeted phishing scams," Connecticut Attorney General George Jepsen wrote. "What is more troubling is Sony's apparent failure to promptly and adequately notify affected individuals of this large-scale breach."


LETTER TO SCEA PRESIDENT FROM RICHARD BLUMENTHAL

Mr. Jack Tretton
President and CEO
Sony Computer Entertainment America
919 East Hillsdale Boulevard
Foster City, CA USA 94404

Dear Mr. Tretton:

I am writing regarding a recent data breach of Sony’s PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.

It has been reported that on April 20, 2011, Sony’s PlayStation Network suffered an “external intrusion” and was subsequently disabled. News reports estimate that 50 million to 75 million consumers – many of them children – access the PlayStation Network for video and entertainment. I understand that the PlayStation Network allows users to store credit card information online to facilitate the purchasing of content such as games and movies through the PlayStation Network. A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.

When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.

I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.

PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained. I appreciate your prompt response on this important issue.

Sincerely,

/s/

Richard Blumenthal
United States Senate


https://docs.google.com/viewer?url=http%3A%2F%2Fwww.ct.gov%2Fag%2Flib%2Fag%2Fpress_releases%2F2011%2F042711sony.pdf
Johns vs. SCEA Class-Action Complaint
