Seriously, Sony?!

by , under personal, The Wired Mom

Sony’s PlayStation Network has been down for days now. Days and days with Sony essentially saying that they were looking into the problem and it’d be up soon.

Now it’s come out that the PlayStation Network has been down because they were hacked – they had mentioned an intrusion, but never the scope of it. Personal information was accessed from accounts, which ranged from addresses to credit card numbers. I admit, I don’t have an account (my PS3 is pretty much only used for my BluRay and for folding). My brother in law does, but all they could have stolen was his address – he uses prepaid cards to buy anything.

While I’m glad that my in-laws are probably going to be fine (since if he’d used a card, it would have been theirs)… there’s a bigger problem to this. Sony knew that personal information had been accessed and waited nearly a week before admitting that consumer data was stolen. A week in which the stolen data could have been sold and used for who knows what.

I have been the victim of identity theft. I had a woman get my bank account and try to pass bad checks through it. I’ve had my credit card stolen and someone ring up fraudulent charges (thank you Chase for realizing that I probably wasn’t going to be buying jeans from Europe). In the first case, it took me a couple weeks to feel relatively normal. Days on the phone with the branch I’d opened up my account, and them on the phone with the local branches to make sure that nobody could cash a check that wasn’t me. Closing all my accounts, my credit card numbers, putting a fraud flag on my credit reports – and having to wait for new checks, new credit cards and updating any saved card information on the internet.

In this day and age – where identity theft is rampant and considerable damage can be done to someone’s life within 24 hours… it’s unconscionable for Sony to wait so long to disclose the full extent of the hacking. Sony spokesman Patrick Seybold said that because of the scope of the problem they didn’t realize that the theft had occurred until Monday (the 25th), and that they had informed customers. I’m still not sure how in this day and age, it took them several days to discover that personal data was stolen.

I am disappointed in Sony. For any company with e-commerce, the first thing you should check after being hacked isn’t the structural integrity, it’s whether or not personal information was stolen. Ultimately though, it’s a good reminder that you get what you pay for. Sony offered access to their PlayStation Network for free (even if the games on it weren’t). Microsoft charges for XBox Live, but I’m fairly certain that they would have responded differently.

So what can you do to protect yourself? Like my brother-in-law, you can purchase points cards for online currency purchases (whether it’s for gaming networks or Facebook games). Most credit cards also offer temporary credit card numbers. Which might not be useful for a gaming network, but for most regular purchases can be helpful to protect your actual credit card information.

But most importantly, what you can do is order your annual credit reports from the three credit agencies, and make sure that accounts haven’t been opened that you’re unaware of. (If you’re going to go to FreeCreditReport.Com, be careful. In order for it to be free, you have to sign up for their credit monitoring service – which has a monthly fee. You can cancel it after the initial purchase… but just make sure you do so you don’t keep getting charged. However, if you do a lot of online purchases, it might not be a bad investment – since you’ll be able to see your credit score change on a regular basis) As silly as it seems, do regular checks of your bank accounts online- and credit cards, too. Don’t wait until you get your monthly statements, make sure you check on a weekly basis – since the earlier you notice an irregularity, the earlier you’ll be able to put a stop to it if someone has stolen your identity. (I should note, that you probably should wait a bit to order your credit reports – just to make sure that any opened accounts are reflected)

While most banks and credit cards will reverse fraudulent charges, it can take days to get the money back into bank accounts, or for charges to be reduced on cards.

It should go without saying, but if you have an account on the PlayStation Network – you should change the password for any login that you have associated with the email address you used.