seremify007
Junior Member
Were you affected by PSN going down? Or worse yet, were you impacted by the 'hacking' implications exposing your data?
Per today's SMH (27/04/2011):
URL: http://www.smh.com.au/digital-life/...ays-contact-your-bank-now-20110427-1dvts.html
PlayStation hacking scandal: police chief says contact your bank now
Asher Moses
April 27, 2011 - 12:59PM
The head of the NSW Police fraud squad has warned Australian PlayStation users that they may have to cancel their credit cards after hackers stole enough information to even take out loans on the victims' behalf.
- Notification delay: breach happened April 17-19
- No law requiring companies to tell customers of breach
- Passwords, logons, email addresses exposed
- Nothing to stop hackers acquiring new credit cards
The Australian Privacy Commissioner, Timothy Pilgrim, said he was "very concerned" and would contact Sony for more information on the breach, which security researchers have said may be the largest theft of identity data on record. His office has begun an "own motion investigation" into the matter.
Despite its PlayStation Network being knocked offline for the past week, Sony waited until today to notify its 77 million customers that an "illegal and unauthorised person" gained access to their names, addresses, email address, birthdates, usernames, passwords, logins, security questions and more.
The company also could not rule out credit card numbers and expiry dates being stolen. But even if no credit cards were stolen, the other details are enough to cause significant identity theft issues.
"If you're armed with enough personal information you could basically do anything that the legitimate person could do themselves ... [such as] obtain various forms of credit, you could target their banking accounts," said NSW Police Detective Superintendent Col Dyson in a phone interview.
Detective Superintendent Dyson said those who obtained the personal information could use it to commit identity crimes or use the information to build a profile of the victims, which would then be used to gather further information about them before committing the crime.
"Personal or financial information is a valuable commodity and generally these days we find organised groups harvesting information and then selling it to other groups to use," he said.
NSW Police advises affected Australians to consider cancelling their credit cards or at the very least call their banks to inform them that their cards may have been compromised. People should also change their passwords if they use their same PlayStation Network password for other services.
Sony Australia confirmed that the issue affected all PlayStation Network users, including Australian account holders. It said it had not received any reports or claims that credit card information had been used improperly to date.
"For the security of our valued customers, we are encouraging all account holders to be aware of email, telephone, and postal mail scams that ask for personal or sensitive information," Sony Australia said.
The Australian Bankers' Association said there had yet to be any Australian reports of credit card details being compromised or other fraud that has occurred as a result of the Sony breach. It said banks would be in contact with individual customers if their cards need to be re-issued and any credit card holders who become affected would be protected from loss in genuine fraud cases.
With many web services now requiring users to give out personal information, which is then stored on company servers in the internet "cloud", privacy breaches such as this are becoming more common.
Detective Superintendent Dyson said the move to storing personal information in the cloud had created new issues for law enforcement as the data was usually stored overseas, often in multiple jurisdictions.
"People should always be cautious about putting any personal information online or providing information to companies and the fact that the information or data is stored overseas is a challenge for law enforcement on a global scale really," he said.
"It creates issues for law enforcement and makes the importance of us having a strong network with overseas law enforcement more important than ever."
Detective Superintendent Dyson said he would wait for the lead overseas law enforcement agency on this matter to make contact and provide a briefing before he would assign local officers to investigate.
"There's no use in us going out and starting interviewing people without knowing the full background of it and receiving a formal request," he said.
It's not clear how the PlayStation Network break-in occurred or how many Australians out of the 77 million global users are affected, but it is believed to include everyone with a PlayStation Network account.
The loose-knit group of online miscreants, Anonymous, has denied that it was responsible for the hack, despite it issuing a statement last week warning Sony it would be targeted as payback for Sony suing customers who cracked the PlayStation 3 software.
Colin Jacobs, chair of the online users' lobby group Electronic Frontiers Australia, criticised Sony for the delay in notifying customers of the breach, which Sony said occurred between April 17 and April 19.
"A week is too long. If that information fell into the wrong hands, and you have to assume that it did immediately, those users could have been receiving sophisticated scams all week long," he said.
"It's a shame that it has come to this, but mandatory reporting laws might be necessary to prod companies to do the right thing regardless of the public relations consequences."
Since Australia does not have mandatory notification laws for when data breaches occur, companies are not obligated to even inform customers when their personal information has been stolen. Dell Australia opted to inform customers when their details fell into the wrong hands recently but there were many more affected companies who did not come forward.
A recent report on privacy laws compiled by the Australian Law Reform Commission recommended that new data breach notification requirements be implemented, but the Federal Government has yet to say whether it will take this recommendation on board.
The Australian Privacy Commissioner, Timothy Pilgrim, said when breaches occur it was important for organisations to "notify their customers promptly" as this would help "mitigate any potential impact on individuals such as the risk of identity theft and fraud".
"This is a massive data breach, with millions of users' personal data compromised," said Jacobs.
"Sony have an uphill battle in restoring their reputation and we can only hope their users don't suffer too much for this lapse."
Despite the criticisms that it took too long to notify people, Sony Australia believes it "responded quickly and are behaving responsibly". It said that as soon as it learned of the issue it temporarily turned off the PlayStation Network, engaged an outside security firm to conduct a full investigation and took steps to enhance security and strengthen its network infrastructure.