Sony offers $1 million identity theft insurance policy for users affected with PSN hack

Last weekend, Sony Computer Entertainment announced that it will provide complimentary enrollment in an identity theft protection program. Here are the details of this program for PlayStation Network and Qriocity account holders in the United States only. Sony said it is working to make similar programs available in other countries/territories where applicable.

Sony has made arrangements with Debix Inc., an identity protection firm, to offer AllClear ID Plus at no cost to PlayStation Network and Qriocity account holders for 12 months from the time an account holder registers for the program.

Sony will start sending out activation emails for this program over the next few days, and users in US will have until June 18th to sign-up and redeem their code. Users will need to sign up directly through AllClearID, not on Sony’s websites, and details, including step-by-step instructions for the program, will be emailed to United States PSN and Qriocity Account holders soon.

The details of the program include:

• Cyber monitoring and surveillance of the Internet to detect exposure of an AllClear ID Plus customer’s personal information, including monitoring of criminal web sites and data recovered by law enforcement. If his/her personal information is found, the customer will be alerted by phone and/or email and will be provided advice and support regarding protective steps to take. The customer will also receive monthly identity status reports. Debix works with an alliance of cyber-crime experts from the government, academia and industry to provide these services.
• Priority access to licensed private investigators and identity restoration specialists. If an AllClear ID Plus customer receives an alert, or otherwise suspects that he/she may be the victim of identity theft, the customer can speak directly, on a priority basis, with an on-staff licensed private investigator, who will conduct a comprehensive inquiry. In the case of an identity theft, the customer can work with an identity restoration specialist to contact creditors and others, and take necessary steps to restore the customer’s identity.
• A $1 million identity theft insurance policy per user to provide additional protection in the event that an AllClear ID Plus customer becomes a victim of identity theft. This insurance would provide financial relief of up to $1 million for covered identity restoration costs, legal defense expenses, and lost wages that occur within 12 months after the stolen identity event.

Sony details compensation for PSN users, plans services restoration

Sony is expected to begin a phased restoration by region of PlayStationNetwork and Qriocity services, beginning with gaming, music and video services to be turned on. The company today announced both a series of immediate steps to enhance security across the network and a new customer appreciation program, filled with freebies to ‘thank its customers’ for their patience and loyalty.

Following a criminal cyber-attack on the company’s data-center located in San Diego, California, U.S.A., Sony quickly turned off the PSN and Qriocity services, engaged multiple expert information security firms over the course of several days and conducted an extensive audit of the system. Since then, the company has implemented a variety of new security measures to provide greater protection of personal information. SNEI and its third-party experts have conducted extensive tests to verify the security strength of the PlayStation Network and Qriocity services. With these measures in place, SCE and SNEI plan to start a phased rollout by region of the services shortly. The initial phase of the rollout will include the following:

• Restoration of Online game-play across the PlayStation3 (PS3) and PSP (PlayStation®Portable) systems
• This includes titles requiring online verification and downloaded games
• Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers
• Access to account management and password reset
• Access to download un-expired Movie Rentals on PS3, PSP and MediaGo
• PlayStationHome
• Friends List
• Chat Functionality

Working closely with several outside security firms, the company has implemented significant security measures to further detect unauthorized activity and provide consumers with greater protection of their personal information. The company is also creating the position of Chief Information Security Officer, directly reporting to Shinji Hasejima, Chief Information Officer of Sony Corporation, to add a new position of expertise in and accountability for customer data protection and supplement existing information security personnel. The new security measures implemented include, but are not limited to, the following:

• Added automated software monitoring and configuration management to help defend against new attacks
• Enhanced levels of data protection and encryption
• Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
• Implementation of additional firewalls

The company also expedited an already planned move of the system to a new data center in a different location that has been under construction and development for several months. In addition, PS3 will have a forced system software update that will require all registered PlayStation Network users to change their account passwords before being able to sign into the service. As an added layer of security, that password can only be changed on the same PS3 in which that account was activated, or through validated email confirmation, a critical step to help further protect customer data.

The company is conducting a thorough and on-going investigation and working with law enforcement to track down and prosecute those responsible for the illegal intrusion.

“This criminal act against our network had a significant impact not only on our consumers, but our entire industry. These illegal attacks obviously highlight the widespread problem with cyber-security. We take the security of our consumers’ information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks,” said Kazuo Hirai, Executive Deputy President, Sony Corporation. “Our global audience of PlayStation Network and Qriocity consumers was disrupted. We have learned lessons along the way about the valued relationship with our consumers, and to that end, we will be launching a customer appreciation program for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services.”

The freebies

Sony will also rollout the PlayStation Network and Qriocity “Welcome Back” program, to be offered worldwide, which will be tailored to specific markets to provide our consumers with a selection of service options and premium content as an expression of the company’s appreciation for their patience, support and continued loyalty.

• Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
• All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
• Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service.

Additional “Welcome Back” entertainment and service offerings will be rolled out over the coming weeks as the company returns the PlayStation Network and Qriocity services to the quality standard users have grown to enjoy and strive to exceed those exceptions.

Sony will continue to reinforce and verify security for transactions before resuming the PlayStationStore and other Qriocity operations, scheduled for this month.

Sony accepts users’ personal data breached in PSN hack

With millions of gamers affected with Sony PlayStation outage, Sony says it might take another week to bring back its networks. However, this isn’t the bigger issue at the moment. What’s alarming for the millions of PlayStation users is that amidst the rumors that admin accounts were breached in the attack on Sony, the company has warned that your personal data might be in the hands of hackers already as Sony finally accepts a major breach in its network.

According to a letter written to its users, Sony says, “Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.”

If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, Sony says it cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution Sony advises that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, users are encouraged to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, Sony says it strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, it is strongly recommended that you change them, as well.

“To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports,” Sony says.

Sony shut PSN without informing users

While everyone’s trying to guess who brought down Sony’s PlayStation Network and many blame the hacktivist group Anonymous for the same, Sony has has finally made another hopelessly detailed but a little more informed statement (than the previous one) after about 50 hours of outage. According to Sony, “an external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th.”

What’s shocking to see is that Sony shut down PSN on its own in order to investigate the attacks but didn’t see the importance of informing its users who were going crazy waiting to see PSN back and running. Many of them are swearing against Anonymous and other hackers who they feel are responsible for the attacks. Defending its position against the attacks, Anonymous made a public statement yesterday denying any involvement with the PSN outage.

There are more than 600 comments of Sony PSN blogs with some blaming Sony for not being able to handle the crisis situation others blaming the possible hackers behind it as everyone’s craving to get back to some serious gaming.

Here are a few of the comments:

• Sony if you need Russian IT security guys from Canada to investigate call me this is a big call
• I was really looking forward to playing some Portal 2 co-op, but I guess I’ll just finish up the single player campaign. I guess I could also get the last three trophies I need to get the platinum in inFamous.
• With the PSN being down, we can’t even sign into our Qriocity accounts. 😦 If this continues on, I hope they give us paying members complimentary free time for our premium subscriptions. (I’m just hoping for a matching/fair amount of compensation time for the paid service; it’ll make up for the significant downtime.)
• The PSN was hacked. Not by Anonymous. It was made so that the hackers were adding funds to peoples wallets and allowing games to downloaded for free. Sony took the whole system down themselves, all of their game servers which allowed items to be purchased in order to fix the security hole. Some people will find that when the servers do come back up, they are missing items they purchased, money in the wallet is gone or added etc, just my guesstimation…because 2-3 days down means they need to find the exact time this issue occurred to roll back store transactions.
• So was it anonymous or Skynet?
• Wow horrible PR for real. All you got to say? ETA, anything else? If i was gettin paid $100,000 + a year, i would update the community with more then a sentence or two every few days.

This is perhaps the worst crisis management shown by a Japanese company.