Senator Richard Blumenthal has blasted Sony for keeping the data breach a secret and called upon Sony to pay for financial data security for all PlayStation Network users.
Sony turned off its online services for about a week after a network intrusion which is believed to have taken place between April 17 and April 19. PSN services were shut down on the 19th. Yet it wasn't until yesterday that Sony warned its 75 - 77 million PSN users that:
an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
The PSN blog also suggested U.S. residents place a "fraud alert" on file with the three major U.S. credit bureaus, Experian at 888-397-3742, Equifax at 800-525-6285, and TransUnion at 800-680-7289. Additional information was listed to reach the FTC (1-877-382-4357) for "information about how to protect yourself from identity theft."
Senator Richard Blumenthal wrote the President and CEO of Sony to demand answers for the lack of immediate notification about the extent that users' personal and financial information had been compromised. Blumenthal wrote, "PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft."
Sony then posted on the PSN blog that the timing between learning about the intrusion and learning that consumer data was compromised was due to the necessity of awaiting outside experts to "conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach."
The group Anonymous issued a formal statement, denying any involvement in the PSN outage. "For once we didn't do it." AnonOps added, "While it could be the case that other Anons have acted by themselves, AnonOps was not related to this incident and does not take responsibility for whatever has happened."
If you use PSN to access third-party services like Netflix, it's a bummer. On April 1, Netflix Customer Service announced that users had to agree to Sony's updated PSN terms of service, since a "PSN account is needed to use the Netflix application on the PS3." Even if you did agree, you can't watch Netflix movies on a PS3 now. I called Netflix customer service - which tried to direct me to Sony instead - but finally was told, "Since a PSN connection is required, unfortunately you can't connect to Netflix until Sony fixes it." I wonder if Sony will pay a portion of PS3-Neflix users' subcription this month?
Microsoft had previously reacted to the PSN outage by suggesting users could play on the Xbox Live network, but today Microsoft had to issue a Service Alert for Xbox Live. It states, "Users may receive potential phishing attempts via title specific messaging while playing Modern Warfare 2. We are aware of the problem and are working to resolve the issue."