NZ Privacy Commissioner issues warning after massive PlayStation Network security breach

UPDATE 6pm: As questions swirl over why Sony waited nearly a week before it told customers, NZ Privacy Commissioner Marie Shroff has warned New Zealanders PlayStation Network (PSN) users to take steps to protect themselves.

Up to 77 million PSN customers worldwide had their personal dettails, including passwords and credit card details, exposed to hackers six days ago.

The Privacy Commissioner told RNZ that worried PSN customers should approach their bank to have their credit card details changed.

PlayStation Network passwords that are also used for other sites, such as TradeMe or internet banking, should be also be changed.

Detective Senior Sergeant John Michael said New Zealanders who accessed Sony PlayStation accounts need to be very vigilant in the weeks ahead, especially parents of children who used the network and were now at risk of identity theft.

Sony has sold around 325,000 online-capable PlayStations locally.

UPDATE 4pm: The Australian Privacy Commissioner has said that his office is launching an investigation into the loss of personal data in the PlayStation Network (PSN) hack.

Commissioner Timothy Pilgrim said in addition that he was "very concerned" and would contact Sony for more information about the breach, which occurred between April 17 and April 19, and has resulted in the loss of personal information of users, including names, addresses, birth dates, and even possibly credit card information.

The Sydney Morning Herald reported that the head of the New South Wales Police fraud squad said Australian users may have to cancel their credit cards, since enough information was stolen to take out a loan on the victim's behalf.  Detective Superintendent Col Dyson said the information could be used to commit identity crimes, or sold to other groups to use. 

The NSW Police have advised affected Australian account holders to consider cancelling their credit cards, or contacting their bank to tell them their card may have been compromised.  The Sydney Morning Herald reported that Sony Australia had confirmed the hack affected all PSN users but had not received any reports of credit card information being used improperly.

Sony's latest blog update said that there was a difference in timing between the realisation that there was an intrusion, and that customer data had been compromised.  Senior director, corporate communications and social media Patrick Seybold said Sony realised there was an intrusion on April 19, but it took an outside security team until yesterday to understand the "scope of the breach", after several days of forensic analysis.

"We then shared that information with our consumers and announced it publicly this afternoon."

In a Facts and Question section, Sony said it had not had a service termination as long as this before, and that it was reviewing options for loyal customers financially affected by the hack. 

NBR is waiting on comment from the New Zealand Privacy Commissioner and Sony.

-------

The Sony Playstation Network (PSN) will be down for a further week, meaning the network will have been out of action for about 14 days in total, following reports of hackers obtaining personal information stored in the network.

The network, an online service that connects game consoles allowing gamers to play multiplayer games and purchase movies, music and more, was taken down last Wednesday night after Sony noticed problems but on Friday it confirmed an "external intrusion" had occurred and the Qriocity cloud-based music service was taken down.

On an update to his blog, senior director of corporate communications and social media, Patrick Seybold, said Sony was working to send an email to registered account holders which detailed the hack that occurred between April17 and April 19.  He wrote that personal information of account holders had been "compromised", including names, addresses, birthdays and possibly, credit card information. 

Account holders were warned not to respond to emails, phone calls or post asking for personal information, and Sony has said it had hired an outside security firm to investigate the hack, taken down the PSN and Qrocity services and has "quickly taken steps" to re-build its system with extra security. 

Sony stated it had a "clear path" to have services back up and running within a week.

The hacker collective Anonymous was blamed for the intrusion, having previously called for a boycott of Sony in the wake of the company's law suit against hacker George Hotz this year.  Anonymous, however, has denied all responsibility following a storm of gamer-criticism,  which, however, didn't stop them revelling in Sony's catastrophic trip up.

Meanwhile many in the gaming world remain seriously upset with Sony, and anyone who might be responsible for taking the PSN offline.

Sony told NBR that it sincerely regretted the suspension of the services, and was working around the clock to bring them back online. 

"Our efforts to resolve this matter involve re-building our system to further strengthen our network infrastructure.  Though this task is time-consuming, we decided it was worth the time necessary to provide the
system with additional security."