backtop


Print 8 comment(s) - last by dijuremo.. on May 26 at 9:04 PM


Sony today rolled out credit protection services for some of its U.S. customers whose personal information Sony lost to hackers.
Protection does not yet cover Sony Online Entertainment users, only Qriocity and PlayStation Network customers

A series of online attacks has sent Sony Corp. (6758) reeling.  The company first experienced a near complete loss of information from its two largest customer databases -- the PlayStation Network (PSN) database and the Sony Online Entertainment (SOE) database.  This week, five of its international sites for its various units fell prey to SQL injection attacks (affectionately nicknamed the "Little Bobby Tables" attack) [1] [2] [3].

In an effort to reassure PlayStation users that they are safe, Sony today made good on promises to provide American customers with free identity theft protection.  The registration page went live and can be found here.

The service is provided by Debix, a private Austin, Texas based credit monitoring firm.  The product is dubbed "AllClear ID PLUS".  The service is available for PSN and Qriocity (a music/video service) customers.  To enroll they only have to enter their email.

The page does not mention anything about enrollment SOE subscribers (e.g. DC Universe Online customers).  Foreign customers are expected to receive similar services in some regions shortly, via local providers.  Sony warns customers that it may take up to 72 hours to hear back Debix.

Governments are currently grilling Sony internationally for its careless security, which endangered the privacy of millions of individuals.  While the PSN is restarting in the U.S., Japan has forbidden it to restart until more detailed information is given on the company's security remediation.

The company faces returns of its products internationally and class action lawsuits from disgruntled former customers.

Sony is confident it will pay only $2 USD per lost record from its various web properties.  That's less than 1 percent of the average payout of $318 USD per lost record (including class action lawsuit settlements) that was the average in 2010.  And in recent years the cost of data lost has tended to increase by a factor of 1.5 each year.  Clearly Sony is hoping for some sort of miracle to save it financially.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

By Solandri on 5/26/2011 12:45:45 PM , Rating: 2
The problem with identity theft has always been that the party safeguarding the data is not the party which suffers the consequences of the theft.

This disassociation between cause and effect means normal market forces don't work to correct the problem. The government needs to step in and enact some uniform fines for security breaches leading to identity theft. Then companies will have a financial incentive (proportional to the harm done) to beef up their security and make it harder for identity theft to occur. Sony ran their systems with unpatched Apache code because there was little to no financial incentive for them to patch and secure them.




"There is a single light of science, and to brighten it anywhere is to brighten it everywhere." -- Isaac Asimov














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki