As you've undoubtedly heard, Sony's PlayStation Network was taken offline last week following a security breach. Sony remained incredibly quiet about the matter through the weekend, but with mounting pressure from gamers, the company has finally released an official explanation. According to a post on the PlayStation blog, Sony discovered that between April 17 and 19, certain PSN and Qriocity account details were compromised in a network intrusion.
In response to the break-in, Sony flipped the switch on its PSN and Qriocity services and hired an external security firm to perform a complete investigation. At this time, it's believed that the attacker obtained access to your name, address, country, email address, birthdate, PSN/Qriocity name and password, as well as your handle/PSN online ID. It's also possible that your password security answers were obtained along with any sub-account information.
Sony says there's no evidence that users' credit card data was taken, but it can't rule out the possibility. If such information was snagged, it would "only" be your credit card number and expiration date, but not your security code. As such, the company recommends that you keep track of your financial statements and credit reports, noting that US residents are entitled by law to one free credit report per year from each of the three major credit bureaus:
- Experian: 888-397-3742; P.O. Box 9532, Allen, TX 75013
- Equifax: 800-525-6285; P.O. Box 740241, Atlanta, GA 30374-0241
- TransUnion: 800-680-7289; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
"At no charge, U.S. residents can have these credit bureaus place a 'fraud alert' on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity."
With your name, contact information and login credentials in the hands of a criminal party, it would be wise to change your passwords to other online services. Additionally, the company suggests that its users should be extra cautious about email, telephone and postal scams that request sensitive information. Sony itself will never contact you in any way to request "personally identifiable" information such as your credit card or social security number.
If you have further concerns about identity theft, Sony's blog post contains contact information for the FTC and your state's Attorney General. As for PSN's recovery, Sony says the service will remain offline until its investigation is complete and it implements the proper security measures to prevent this from reoccurring. At the time of writing, the company estimates that "some services" will be back online within a week -- surely longer than you wanted to hear.