Sony Computer Entertainment Inc. would consider reimbursing financial institutions for any costs associated with reissuing credit cards that might have been compromised when someone breached the company’s PlayStation Network last month (
Kazuo Hirai, the division’s president and CEO, said during a May 1 press conference that there were no confirmed reports that fraud was committed with credit card information stolen during the breach, but the company has asked its customers to remain diligent and to monitor their accounts for unauthorized transactions.
Some 10 million PlayStation Network account owners were notified that their credit card information was compromised, Hirai said.
Sony has asked the FBI to conduct a criminal investigation into the breach.
Several PlayStation Network users, including a reporter from PaymentsSource sister publication American Banker, have reported recent incidents of fraud or attempted fraud on the cards they used with Sony’s service, though Sony and card issuers have not confirmed the fraud stemmed from the breach.
At some point between April 17 and 19, an unauthorized third party accessed the PlayStation Network, which enables some 77 million users to play video games together and download music and movies. The breach also affected Qriocity, Sony’s streaming music and video service.
Sony apparently discovered more problems because it has shut down Facebook and multiplayer online games associated with its network, the company announced May 2.
“In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately,” Sony said in a statement.
Sony has faced criticism about why it took several days to notify PlayStation Network users about the breach.
Sony shut down the network to prevent further damage and then hired three security firms to investigate the attack, Hirai said at the press conference. Sony did not realize the scope of the attack until April 26, when it discovered that someone had obtained such personal information as names, home addresses, country locations, e-mail addresses, birth dates and gamers’ login credentials for the service, Hirai said. Sony maintains there is no evidence credit card information was stolen.
Sony also admits shutting down the network took more time than expected, Hirai added.
Despite any perceived delays to action, at least one analyst believes Sony is being proactive in its actions since the breach.
“Sony should be commended for getting ahead of a potential onslaught of lawsuits from affected consumers and financial institutions,” Phil Philliou, a partner with the consulting firm Philliou Partners LLC, tells PaymentsSource.
Assuming banks’ card-reissuing costs will be expensive for Sony, however, getting ahead of the lawsuits “is not only potentially less costly, but it goes a long way to protecting the integrity of the Sony brand,” he adds.
At least one consumer already has filed a lawsuit in Alabama. The suit accuses Sony of “negligence in data security” and of not taking “reasonable care to protect, encrypt, and secure the private and sensitive data of its users.”
Sony plans to compensate PlayStation Network users with free content and a 30-day subscription to its PlayStation Plus online service.
Sony will restart the service incrementally this week. The company hopes the network is fully restored within the next month, Hirai said.
What do you think about this? Send us your feedback.
