DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Sony answers some questions, while more inquiries pile on

Posted on April 28, 2011 by Dissent

Sony has posted a Q&A #1 for PlayStation Network and Qriocity Services, responding to some of the concerns raised about their recent breach.

Of note, they say that all of the credit card data were encrypted, although they acknowledge that the personal data table was not encrypted.

More will come out in time, of course. What strikes me is what seems like an over-reaction to this breach. I mean, come on, folks, this is not the first hack or compromise ever that may have involved credit card data. And this is not the first breach where people have been warned to watch out for scams or phishing attempts. Yes, it’s a large breach given the sheer volume of people affected, but I’m somewhat surprised at the people complaining that Sony is not in a position to answer all questions within a few days or who accuse them of disclosing “late.”

It seems like only a year ago that if an entity disclosed a breach in less than two months that we considered it “quick.” The public’s expectation has seemingly shifted to expecting immediate disclosure and notification, but without regard for the fact that sometimes it takes a while to figure out what happened, how it happened, and what data were accessed or acquired.  And of course, there’s all the usual politicking and posturing from legislators and privacy commissioners who want answers.  It’s understandable that they want answers, and we want data protectors to look out for our data, but what is the point of so many investigations?  I fully expect Sony will answer all of the questions when it can.  For now, let them focus on figuring what went wrong and what they need to do to prevent a recurrence.  Aren’t those the priorities?

Users do not need to wait for answers from Sony to protect themselves. In my days as a medic, our motto was “treat for the worst and hope for the best.” Consumers who are unsure what has happened are best advised to assume the worst and act accordingly. Canceling or keeping an eye on your credit card is a nuisance, yes, but in the grand scheme of things, is it really that awful? And aren’t you already sophisticated enough not to click on links in emails or fall for phishing attempts?

If you think this breach is particularly egregious or that Sony has been negligent in security or outrageous in their handling of the breach compared to other breaches, tell me why. Otherwise, maybe everyone should just breathe out slowly and give the firm a chance to figure this out.

Update: Okay, I seem to be in the minority on this one, as one reader points out why he finds this breach particularly concerning, and other sources call into question whether Sony is being accurate – or honest – in claiming that credit card data was encrypted. Stay tuned….

Category: Breach IncidentsBusiness SectorCommentaries and Analyses

Post navigation

← Yankees Accidentally Leak Personal Info Of 20,000 Season Ticket Holders
Defending the Digital Gates: Universities and Cyber Security →

1 thought on “Sony answers some questions, while more inquiries pile on”

  1. synfinatic says:
    April 28, 2011 at 11:30 am

    People are all worried about their credit card data, but that’s a red herring. You’re not legally liable for fraud on your credit card over $50 as long as you notify the credit card company in a reasonable amount of time. And from personal experience, I know that the credit card companies won’t even hold you for the $50 because they want to keep you as a customer.

    What I am worried about is my home/billing address, birth date, “security question/answer”, username and password being stolen. Now it’s much easier to impersonate me online and anywhere that information might be used to identify me. Now it’s not just credit card fraud I have to worry about, but a bunch of other kinds of fraud for which there is no strong consumer protections for. This is why Sony recommended everyone get their credit reports and place a hold on getting any new loans, etc- because they know that is where the real risk is for the consumers who’s privacy they failed to take even the most basic steps to secure.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.