Skip to main content

More breach problems for Sony......

Written by Julia Siripurapu

Yesterday, in a Customer Service Notification posted on its website, Sony Online Entertainment LLC (“SOE”) based in San Diego, California revealed that its systems were also the subject of a hacking attack. Sony Corporation and Sony Computer Entertainment announced in a press release issued this morning, that based on their ongoing investigations into the incident, the hacking attack of the SOE systems took place on April 16 and 17th and resulted in the unauthorized access to the personal information (name, address, e-mail address, birth date, gender, phone number, login name, and hashed password) of approximately 24.6 million SOE customers as well as approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes) and 10,700 direct debit records (bank account number, customer name, account name, and customer address) of SOE customers in Austria, Germany, Netherlands and Spain from an outdated database from 2007.

Add these records with the totals of last week's PlayStation Network breach , and the number of Sony customers whose personal information has now been compromised is over 100 million --easily making this one of (if not the largest) data breach in history.

On Capitol Hill, the House Subcommittee on Commerce, Manufacturing, and Trade will hold a hearing tomorrow titled “The Threat of Data Theft to American Consumers” to “examine risks related to data breaches, the state of ongoing investigations, current industry data security practices, and available technology” and representatives from the Federal Trade Commission, U.S. Secret Service, the Center for Democracy and Technology, and Purdue University are expected to testify at the hearing (see hearing Background Memo). While Sony declined to testify at this hearing, it has agreed to submit answers to the Subcommittee’s questions about the PlayStation Network cyber attack by end of business today.

 

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.