As Dr. Paul Judge, chief research officer and VP of Barracuda Networks, told USA Today, the hack of Sony’s PlayStation Network is “arguably the second largest data breach ever” after the Heartland Payment data breach. Judge cites the breadth of the breach as the most disturbing aspect. Though it has not been confirmed that credit card data has been compromised, Sony is urging users to exercise aggressive defense measures with the possibly leaked data. Information that was definitely accessed includes birth dates, email addresses, purchase history, and login and password information. Whereas the Heartland Payment data breach affected millions of transaction records belonging to some 175,000 merchants, the Sony breach compromises over 130 million records.
Possibly more troubling than the scope of the data accessed by hackers is Sony’s hesitation in alerting its users to the breach. The longer users go without the knowledge that their information is in someone else’s hands, the bigger the hackers’ opportunity to exploit the data.
While major data breaches such as that of TJX, which compromised upwards of 45 million credit card numbers, are well-known and unnervingly commonplace, Sony’s vulnerability marks the first major attack on a gaming network. With opportunities to make purchases in an online store, gaming networks present a whole plethora of critical information. Though Sony’s network is down indefinitely for rebuilding, the company is already urging users to change all of their information once the network is back up. The usual advice is being provided as well: Keep an eye on banking statements, remain wary of email and phishing scams, assume the world is about to come to an end. From the PlayStation blog:
In response to this intrusion, we have:
1. Temporarily turned off PlayStation Network and Qriocity services;
2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3. Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
The enterprise is used to data breaches; no doubt security admins everywhere are shaking their heads at the latest casualty in the seemingly losing battle that is security. It seems consumers will have to start learning the lessons that enterprise IT has been learning and relearning for years: How to hunker down, cut your losses and start again a little bit wiser.
Not to be outdone, Microsoft’s Xbox LIVE support site warns users that they may “receive potential phishing attempts via title specific messaging while playing Modern Warfare 2.”