Sony offers $1 million identity theft insurance policy for users affected with PSN hack

Last weekend, Sony Computer Entertainment announced that it will provide complimentary enrollment in an identity theft protection program. Here are the details of this program for PlayStation Network and Qriocity account holders in the United States only. Sony said it is working to make similar programs available in other countries/territories where applicable.

Sony has made arrangements with Debix Inc., an identity protection firm, to offer AllClear ID Plus at no cost to PlayStation Network and Qriocity account holders for 12 months from the time an account holder registers for the program.

Sony will start sending out activation emails for this program over the next few days, and users in US will have until June 18th to sign-up and redeem their code. Users will need to sign up directly through AllClearID, not on Sony’s websites, and details, including step-by-step instructions for the program, will be emailed to United States PSN and Qriocity Account holders soon.

The details of the program include:

• Cyber monitoring and surveillance of the Internet to detect exposure of an AllClear ID Plus customer’s personal information, including monitoring of criminal web sites and data recovered by law enforcement. If his/her personal information is found, the customer will be alerted by phone and/or email and will be provided advice and support regarding protective steps to take. The customer will also receive monthly identity status reports. Debix works with an alliance of cyber-crime experts from the government, academia and industry to provide these services.
• Priority access to licensed private investigators and identity restoration specialists. If an AllClear ID Plus customer receives an alert, or otherwise suspects that he/she may be the victim of identity theft, the customer can speak directly, on a priority basis, with an on-staff licensed private investigator, who will conduct a comprehensive inquiry. In the case of an identity theft, the customer can work with an identity restoration specialist to contact creditors and others, and take necessary steps to restore the customer’s identity.
• A $1 million identity theft insurance policy per user to provide additional protection in the event that an AllClear ID Plus customer becomes a victim of identity theft. This insurance would provide financial relief of up to $1 million for covered identity restoration costs, legal defense expenses, and lost wages that occur within 12 months after the stolen identity event.

Ex-employee uses ‘secret’ account to hack into Gucci systems

>

Manhattan District Attorney Cyrus R. Vance, Jr., today announced the indictment of SAM CHIHLUNG YIN, 34, for accessing and tampering with the corporate computer network of Gucci America (“Gucci”), the Manhattan-based American affiliate of the Italian luxury goods retailer. YIN, who had been previously terminated by Gucci as a network engineer, used an account he secretly created during his tenure at Gucci to access and control the company’s computer system, shutting down some of its servers and networks, and deleting data from others. He is charged in a 50-count indictment with Computer Tampering, Identity Theft, Falsifying Business Records, Computer Trespass, Criminal Possession of Computer Related Material, Unlawful Duplication of Computer Related Material, and Unauthorized Use of a Computer.

“Computer hacking is not a game. It is a serious threat to corporate security that can have a devastating effect on personal privacy, jobs, and the ability of a business to function at all,” said District Attorney Vance. “This Office’s Cybercrime and Identity Theft Bureau is committed to preventing and prosecuting crimes such as the one charged in today’s indictment.”

According to documents filed in court, Gucci, whose American corporate headquarters are located on Fifth Avenue in Midtown Manhattan, provides employees with remote access to its virtual private network (“VPN”) by attaching a USB-sized token to a computer. While employed as a network engineer, YIN secretly created a VPN token in the name of a fictional employee. After being fired by Gucci in May 2010 for unrelated reasons, YIN took the VPN token with him. In June 2010, YIN emailed members of the Gucci’s IT Department using the fictional identity and tricked them into activating his VPN token. In the months that followed, using the VPN token, YIN exploited his familiarity with Gucci’s network configuration and administrator-level passwords to gain nearly unfettered access to Gucci’s network. As a result, Gucci lost access to documents and e-mail for nearly 24 hours, while other documents and emails were deleted permanently. This intrusion cost Gucci more than $200,000 in diminished productivity, restoration and remediation measures, and other expenses.

On November 12, 2010, YIN accessed Gucci’s network through the VPN for a two-hour period. During that time, YIN deleted several virtual servers, shut down a storage area network, and deleted a disk containing the corporate mailboxes from an e-mail server. As a result, Gucci staff was unable to access any documents, files, or other materials saved anywhere on its network. Additionally, YIN’s destruction of data from the e-mail server cut off the e-mail access not only of corporate staff, but also of store managers across the country and the e-commerce sales team resulting in thousands of dollars in lost sales. Gucci’s IT staff was unable to restore system operations until the end of the business day, and the lingering effects of the intrusion continued to impose costs on the company in the weeks and months that followed.