Sony who took more than a week to admit that 77 Million credit profiles and card details belonging to subscribers to their Playstation Network could have been compromised has been criticised for not reporting to the owners of the cards that they face a “security” risk.
The head of the NSW Police fraud squad has warned Australian PlayStation users that they may have to cancel their credit cards after hackers stole enough information to even take out loans on the victims’ Fairfax Media have reported.
The Australian Privacy Commissioner, Timothy Pilgrim is so concerned that he is set to demand information from Sony Computer Entertainment who now appears to have known about the hack attack as far back as April 17.
Michael Ephraim the CEO of Sony Computer Entertainment Australia has not made any comment despite his track record of seeking publicity for his Playstation products.
A senior Federal Police Officer said that Sony was leaving themselves open to legal action by failing to tell their customers that “confidential data” had been potentially exposed to criminal elements.
“10 days is a long time and a high risk strategy. Criminal groups are able to move very quickly especially over an Easter break period when people often use a credit card for travel, shopping or leisure activities” the officer said.
The first official word that their site was down because of a “serious” hack attack came over Easter when most major banks around the world were closed.
Both Westpac and National Australia Bank have confirmed that they have had calls to their card hotline from Playstation network customers cancelling their credit cards. Several users have also inquired about trading on their cards.
10 days after Sony became aware that an “illegal and unauthorised person” had gained access to their Playstation network, along with access to the “names, addresses, email address, birthdates, usernames, passwords, logins, security questions and more” the Company has still failed to explain why they were so slow advising customers.
Security experts have said that the breach may be the largest theft of identity data on record.
Despite its PlayStation Network being knocked offline for the past week, Sony waited until today to notify its 77 million customers that an “illegal and unauthorised person” gained access to their names, addresses, email address, birthdates, usernames, passwords, logins, security questions and more.
The company also could not rule out credit card numbers and expiry dates being stolen. But even if no credit cards were stolen, the other details are enough to cause significant identity theft issues.
NSW Police Detective Superintendent Col Dyson said of the attack “If you’re armed with enough personal information you could basically do anything that the legitimate person could do themselves … [such as] obtain various forms of credit, you could target their banking accounts,” said in a phone interview.
Detective Superintendent Dyson told Fairfax Media that those who obtained the personal information could use it to commit identity crimes or use the information to build a profile of the victims, which would then be used to gather further information about them before committing the crime.