A series of online attacks has sent Sony
Corp. (6758) reeling.
The company first experienced a near complete loss of information from
its two largest customer databases -- the
PlayStation Network (PSN) database and the Sony
Online Entertainment (SOE) database. This week, five of its
international sites for its various units fell prey to SQL injection attacks
(affectionately nicknamed the "Little Bobby
Tables" attack) 
In an effort to reassure PlayStation users that
they are safe, Sony today made good on promises to provide American customers
with free identity theft protection. The registration page went live and
can be found here.
The service is provided by Debix, a private
Austin, Texas based credit monitoring firm. The product is dubbed
"AllClear ID PLUS". The service is available for PSN and
Qriocity (a music/video service) customers. To enroll they only have to
enter their email.
The page does not mention anything about
enrollment SOE subscribers (e.g. DC Universe Online customers). Foreign
customers are expected to receive similar services in some regions shortly, via
local providers. Sony warns customers that it may take up to 72 hours to
hear back Debix.
Governments are currently grilling Sony
internationally for its careless security, which endangered the privacy of
millions of individuals. While the PSN is
restarting in the U.S., Japan has forbidden
it to restart until more detailed information is given on the
company's security remediation.
The company faces returns
of its products internationally and class
action lawsuits from disgruntled former customers.
Sony is confident it will pay only $2 USD per lost
record from its various web properties. That's less than 1 percent of the
average payout of $318 USD per lost record (including class action lawsuit
settlements) that was the average in 2010. And in recent years the cost
of data lost has tended to increase by a factor of 1.5 each year. Clearly
Sony is hoping for some sort of miracle to save it financially.