-
Sony has warned its video-game console users that their credit card information might have been compromised in a recent breach that affected the PlayStation's online network.
April 27
There are more indications that card data was obtained by fraudsters after the data breach at Sony Corp.'s PlayStation Network.
Though Sony finally began acknowledging the possibility of a card data breach in connection with the PSN outage that started last week, it has yet to say with certainty that card data was among the personal information stolen after its online gaming network and digital media storefront went down.
One American Banker reporter, a New Jersey resident, had to have his credit card reissued Monday after fraudulent charges were attempted in Illinois that day. The card was the same one connected to the reporter's PSN account.
The attempted fraudulent charges, which the issuer blocked, included a transaction of more than $600 at an office supply store.
The issuer, JPMorgan Chase & Co., did not give a reason for the compromise of that particular card. Gail Hurdis, a communications manager for the bank, said it is "always monitoring for fraud all the time" and is "very aware of the Sony situation," but could not confirm whether specific fraud incidents were tied to it.
Sony said on its PlayStation website that "if an account holder provided credit card data through PlayStation Network or [the online media streaming service] Qriocity, it is possible that the credit card number (excluding security code) and expiration date may also have been obtained" in the breach.
It confirmed that names, addresses, birth dates, passwords and other details were exposed.
Though the PSN outage began April 19, Sony did not provide this level of detail until the afternoon of April 26.
Patrick Seybold, senior director of corporate communications and social media for Sony, said on the PlayStation blog Tuesday that "there's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised. … It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach."
