![]() ![]() ![]() I have stopped using brands over much less.Not saying I'm giving up my PS3 though." "Why in the world would Sony wait six days to tell me I should be concerned about my PII? Their customer service leaves a lot to be desired. In the meantime, Sony says it "has a clear path" to bring PSN and Qriocity back online "within a week." But how many customers will be ready to hand over new credit card information and trust Sony with their passwords and addresses again?Īs it is, because the network is down, PSN users can't access the PSN Web site or the service via the PS3 to change their passwords or delete their personal info and credit card.ĬNET reader Konfuzed expressed dismay over the timing. "They would suffer a big PR black eye if they were not to disclose and it were discovered and made public some other way."Įven though Sony is a Japanese company, disclosure laws in the United States requiring notification of customers of breaches would be applicable because Sony does business in the states and holds personal information of people living in the U.S., said Francoise Gilbert, managing director of the IT Law Group in Palo Alto, Calif. "However, 'best practices' these days is to notify no matter which data elements have been affected," she added. But if not, technically it would not be required to provide notice, she said. So, if credit card numbers were compromised, then Sony would need to notify the affected persons under California and other state laws, according to Givens. Under California law, the type of information that triggers the notice requirement is an individual's name plus one or more of the following: Social Security number, driver's license or California Identification Card number, financial account numbers, medical information or health insurance information. "If they were absolutely certain about the details of the breach and the extent of it six or seven days ago, in my opinion, they should have alerted their customers." "It leaves the affected individuals in the dark, with more questions than answers."įailing to notify customers about the breach for seven days is not uncommon, Givens said, adding that the situation depends on what they knew when. "One of the things I'm critical of Sony about is (them) not being more forthcoming with details of the breach," Givens said. (More details on identity fraud and what consumers can do to protect themselves can be found here.) In addition, she suggested people affected by the breach monitor for fraudulent activity on their credit card that Sony had on file, just in case the accounts were exposed. People whose information was exposed in the breach should change their Sony account passwords and password security questions when the network is back online, and ignore e-mails asking for sensitive information from anybody, Givens added. For instance, customers should be wary of e-mails that purport to come from Sony and which ask for credit card or other sensitive information, said Beth Givens, founder and director of the Privacy Rights Clearinghouse. Without that financial information individuals run the risk of having their Sony PSN accounts hijacked and being targeted with phishing attacks. With that information fraudsters can take over bank and credit card accounts and make purchases. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised."įinding out whether credit card account information had been exposed is key to assessing the risks for Sony customers. "Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. I am concerned that PlayStation Network users' personal and financial information may have been inappropriately accessed by a third party," Blumenthal wrote in the letter. "When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. He also called for Sony to provide affected customers with financial data security services, including free access to credit reporting services for two years to protect against identity theft. Richard Blumenthal, a Connecticut Democrat, wrote a letter to Jack Tretton, president and chief executive of Sony Computer Entertainment America, saying he was troubled that the company had not notified customers sooner about the breach. The company says it is currently in the process of e-mailing all of its customers about the intrusion. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |