Privacy Commissioner Investigates Sony Data Breach
On April 27 I posted about the Sony PlayStation data breach which occurred on April 17 and has possibly affected PlayStation users worldwide.
To update this issue, yesterday the Australian Privacy Commissioner, Timothy Pilgrim revealed findings from his initial investigation into the data breach:
“Yesterday, Sony Online Entertainment (SOE) advised me it had discovered that hackers may have obtained SOE customer information. SOE has said that the information was held in an out dated database from 2007 and contained approximately 12,700 non-US customer credit or debit card numbers and expiration dates. It is unclear at this point how many of these customers are Australian citizens or recipients.”
“This latest incident is extremely worrying. I am particularly concerned that it involves information stored on an out of date database. It reinforces my view that organisations need to consider further limiting the amount of information they collect and store about people. They should also make sure that information is destroyed when it is no longer needed as is required under the Privacy Act” he says.
In my last post I called for Australia’s legislation to come up to date with what is occurring worldwide. Being part of the technological network means we are part of the global network and therefore we cannot deny that security threats in any country and particularly the United States could have an impact on us here in Australia as it has done in this instance.
What is encouraging is the Australia Law Reform Commission’s recommendation that consideration should be given to the introduction of mandatory data breach notification laws. This means that when something of the nature of the Sony PlayStation data breach or the recent Dell Computers data breach occurs in the future, there will be an obligation for the company to notify its customers in this country of the occurrence.
What is also being considered by the Government is more power for the Privacy Commissioner to impose penalties following an ‘own motion investigation’, such as enforceable undertakings and civil penalties for serious breaches of privacy. So if this part of the recommendations becomes legislation, the Privacy Commissioner would be able to penalise those companies which are found liable in relation to privacy breaches.
In the meantime, Sony recommends its customers take these steps to help protect their personal data:
“For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.
When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports” says Sony’s Patrick Seybold.
In Australia we can check our credit file for free by obtaining a credit report with credit reporting agencies Veda Advantage, Dun & Bradstreet or Tasmanian Collection Agency. A copy of our credit rating is then sent within 10 working days. Or for a fee they will supply one urgently.
If there are any errors on this file, including evidence of identity theft, it is possible the credit file can be repaired.
Contact www.mycra.com.au for more information.