Metering is ON
suntimes

Thursday, May 24, 2012

Search
Site All Papers YAHOO!

PlayStation breach called one of worst

By Brett Molina  and Mike Snider

The data breach affecting 77 million accounts on Sony’s PlayStation Network is one of the largest and most damaging, security experts say.

On Tuesday, Sony revealed the intrusion had exposed users’ personal data, including names, e-mail addresses, birth dates, log-ons and passwords — and, potentially, credit card information. Sony later told PlayStation users that it had encrypted the credit card data that hackers may have stolen, reducing but not eliminating the chances that thieves could have used the information.

Sony said in a blog post Wednesday that while it had no direct evidence the data were taken, it cannot rule out the possibility. It did not say how strong the encryption was, and it is possible for hackers to decipher files that are weakly encrypted — it’s just more difficult.

“All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken,” the company wrote in its blog post.

The FBI is “reviewing the available information concerning the facts and circumstances,” said Special Agent Darrell Foxworth in San Diego.

Compared with other major incidents — such as the 2009 breach of Heartland Payment Systems, which processed 100 million card transactions a month for 175,000 merchants, and the 2007 TJX breach, which involved 94 million credit card accounts — the PSN event is at least “equally damaging,” said Mandeep Khera of application security firm Cenzic.

He joined the chorus of critics questioning the response by Sony, which says it learned of the breach on April 19 but did not inform users of the risks to their personal and financial data until Tuesday.

The lag of more than a week could have given hackers time to exploit customer data, Khera said.

“As soon as you know there is a breach, it is in the best interest of the consumers to let them all know so that they can take precautions,” Khera said.

Gannett News Service with AP contributing

Latest News Videos
© 2012 Sun-Times Media, LLC. All rights reserved. This material may not be copied or distributed without permission. For more information about reprints and permissions, visit www.suntimesreprints.com. To order a reprint of this article, click here.
Special Home Delivery Offer

Comments  Click here to view or make a comment