PlayStation Network Security Breach
You might have heard by now that the PlayStation Network was breached 7 days ago. Sony has just released specifics of what has happened, mainly that that all your personal information on the system has been stolen by an outside party. This is one of the largest breaches of this caliber, affecting some 77 million subscribers.
Sony has confirmed the following information has been stolen:
- Your Name
- Your Address (city, state, zip)
- E-mail address
- PSN username and password
If you use the password for multiple sites, you should immediately change it and as soon as PSN comes back online change it there as well.
In addition, Sony has stated despite there being no evidence that credit card data was taken, they are not ruling out the possibility. Anyone who has used or stored credit card information on their PlayStation should call and have your card disabled and reissued to prevent fraud on your account.
If you would like to read more about the specifics of this breach, please check out the following articles and releases from Sony.
- Update on PlayStation Network and Qriocity (PlayStation Blog)
- PSN/Qriocity Network Outage FAQs (PlayStation Support)
- Sony admits utter PSN failure; your personal data has been stolen (Ars Technica)
- Sony: hacker stole PlayStation users’ personal info (CNN)
- PlayStation Hackers May Have Stolen Data on 75 Million Users (Bloomberg)
For more information on how you can protect yourself from fraud, the site http://www.fraud.org has some good tips. Here are a few:
- Know your rights. Under federal law, you’re not responsible for any charges if you report your card missing before someone else has used it, and you are not liable for more than $50 if it has been used, as long as you report the problem promptly.
- Your credit card issuer may offer extra protection for free. Most card issuers have voluntary policies to remove unauthorized charges completely if consumers report them as soon as they discover them. If you’re not sure what your issuer’s policy is, ask.
- Watch out for imposters. Someone may claim to be connected with your credit card issuer and ask to “verify” your account number to make sure you’re protected. Your real credit card issuer doesn’t need your account number; it already has it.
- Be cautious about emails that offer credit services. Many unsolicited emails are fraudulent.
- Protect yourself against credit card fraud. Don’t leave your card lying around your home or office where others can see it, and don’t lend it to anyone. If you want someone else to be authorized to use your account, make those arrangements through your card issuer. Only give your credit card number when you are actually making a purchase.
- Check your credit card bills carefully as soon as you receive them. Follow the instructions on your bill for questioning or disputing charges. Don’t send a note with your payment, since a separate department usually handles disputes. Make copies of any forms or letters that you send your credit card issuer about the dispute, and be sure to pay the rest of your bill on time.
- Be prepared in case your card is lost or stolen. Keep a file with your credit card issuer’s name and telephone number and your account number. Have this separate from your purse or wallet in case it’s stolen, too.
- Watch out for “phishy” emails. The most common form of phishing is emails pretending to be from a legitimate retailer, bank, organization, or government agency. The sender asks to “confirm” your personal information for some made-up reason: your account is about to be closed, an order for something has been placed in your name, or your information has been lost because of a computer problem. Another tactic phishers use is to say they’re from the fraud departments of well-known companies and ask to verify your information because they suspect you may be a victim of identity theft! In one case, a phisher claimed to be from a state lottery commission and requested people’s banking information to deposit their “winnings” in their accounts.
- Don’t click on links within emails that ask for your personal information. Fraudsters use these links to lure people to phony Web sites that looks just like the real sites of the company, organization, or agency they’re impersonating. If you follow the instructions and enter your personal information on the Web site, you’ll deliver it directly into the hands of identity thieves. To check whether the message is really from the company or agency, call it directly or go to its Web site (use a search engine to find it).
- Only open email attachments if you’re expecting them and know what they contain. Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.
- Know that phishing can also happen by phone. You may get a call from someone pretending to be from a company or government agency, making the same kinds of false claims and asking for your personal information.
- If someone contacts you and says you’ve been a victim of fraud, verify the person’s identity before you provide any personal information. Legitimate credit card issuers and other companies may contact you if there is an unusual pattern indicating that someone else might be using one of your accounts. But usually they only ask if you made particular transactions; they don’t request your account number or other personal information. Law enforcement agencies might also contact you if you’ve been the victim of fraud. To be on the safe side, ask for the person’s name, the name of the agency or company, the telephone number, and the address. Get the main number from the phone book, the Internet, or directory assistance, then call to find out if the person is legitimate.
- Job seekers should also be careful. Some phishers target people who list themselves on job search sites. Pretending to be potential employers, they ask for your social security number and other personal information. Follow the advice above and verify the person’s identity before providing any personal information.
- Be suspicious if someone contacts you unexpectedly and asks for your personal information. It’s hard to tell whether something is legitimate by looking at an email or a Web site, or talking to someone on the phone. But if you’re contacted out of the blue and asked for your personal information, it’s a warning sign that something is “phishy.” Legitimate companies and agencies don’t operate that way.
- Act immediately if you’ve been hooked by a phisher. If you provided account numbers, PINS, or passwords to a phisher, notify the companies with whom you have the accounts right away. For information about how to put a “fraud alert” on your files at the credit reporting bureaus and other advice for ID theft victims, contact the Federal Trade Commission’s ID Theft Clearinghouse, www.consumer.gov/idtheft or 877-438-4338, TDD 202-326-2502.
- Report phishing, whether you’re a victim or not. Tell the company or agency that the phisher was impersonating. You can also report the problem to law enforcement agencies through NCL's Fraud Center, www.fraud.org. The information you provide helps to stop identity theft.
As always, if you have questions or concerns, please feel free to contact a member of the ITS Staff.