Sony hires investigators after hack of customer data

The company's PlayStation Network and Online Entertainment service have been suspended until security around users' information is improved, which Sony hopes will be by the end of May.

Sony has brought in investigators from Guidance Software and Data Forte, according to the BBC.

Sony database provider Oracle and the US Federal Bureau of Investigation (FBI) are also looking into the data breaches, according to US reports.

After Sony admitted the personal details of 77 million PlayStation Network members had been compromised by hacking attacks, a week later Sony warned almost 25 million users of its Online Entertainment service were similarly affected by hacker attacks in April.

Personal information including names, e-mail addresses, home addresses, gender, date of birth, login name, phone numbers and hashed passwords are at risk.

Sony says credit card information of PlayStation Network users may have been accessed by hackers, but the data was encrypted and did not include security codes.

The firm says there is no evidence the main credit card database for its Online Entertainment service was compromised.

However, Sony revealed that a database from 2007 was compromised, exposing more than 12,000 debit and credit card numbers and more than 10,000 debit transaction records from Germany, Austria, Spain and the Netherlands.

Despite the immediate concern about credit card fraud, identity theft is of greater concern in the long term, says the San Francisco Chronicle.

The paper cites security experts who say the value of stolen credit card numbers diminishes each day after a data breach becomes known as users and bank-card issuers step up monitoring, but the personal details stolen could be used for years to commit other fraud.

This story was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?