Security Bytes

Apr 29 2011   1:04PM GMT

Stolen PlayStation Network data includes CVV numbers; lawsuits filed

Michael Mimoso Profile: maxsteel

Hackers posting on underground forums claim the data stolen from the PlayStation Network includes user names, addresses, dates of birth, credit card numbers, expiration dates and card verification value numbers (CVV). Brian Krebs of Krebs on Security linked to a host of screenshots from hacker forums from his Twitter feed that illustrates the dialogue on the forum. Other reports claim that hackers are boasting they have credit card information from more than 2 million customers.

Sony, meanwhile, has yet to confirm the data was actually stolen, but says some of the accessed data was encrypted. From a Sony FAQ on its website:

“All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”

Sony shut down the popular gaming network for more than a week after the breach was detected April 17.

A class-action suit against Sony was filed yesterday in San Francisco alleging damages from the breach. The complaint seeks payment for damages, payment of credit monitoring fees and refunds from Sony and Qriocity its movie and game-streaming service provider, Bloomberg reported yesterday.

Legislators have also chimed in. Rep. Ed Markey (D-MA) and Rep. Mary Bono Mack (R-CA) want more details from Sony on the breach and Mack says the incident could prompt introduction of another consumer data protection bill. Sony says it is in the process of upgrading the security of its network infrastructure and has hired an unnamed security company, working in conjunction with law enforcement, to conduct forensics investigations.

A recent Ponemon Institute report on the cost of a data breach estimates the cost at $214 per lost record, a 5% jump over the last report. More than 77 million records may have been breached in the Sony attack.


 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: