Sony has revealed that it was the target of a second attack by hackers which, while not affecting the debit or credit card information of Canadian online gamers, may have exposed their personal information.
In the latest data breach, uncovered Tuesday, the Japanese company announced that its Sony Online Entertainment division had been hacked, compromising 22,000 credit or debit numbers of European customers held in a 2007 database.
Personal information from more than 24 million customers worldwide, including names, addresses and dates of birth, may have also been stolen, but the company did not immediately say whether Canadian customers were affected.
Sony spokeswoman Michele Sturdivant told Postmedia News Tuesday that Canadians' financial information is safe from the recent hacks, but she said she did not know how many of the 24 million people who could have had other information stolen were Canadian.
News of the breach comes after Sony last week informed its 75 million PlayStation customers worldwide, including around one million in Canada, of a massive theft of PlayStation Network customer data involving the email addresses, birthdates and network passwords of an unknown number of its users.
Credit and debit information may also have been compromised, but Sony Canada has not released any details about how Canadian PlayStation users may have been affected.
In the short term, Sony Online Entertainment has temporarily shut down its online games service. The division operates online games such as EverQuest and is separate from the PlayStation video game console division.
A Toronto-based law firm has launched a class-action lawsuit against Sony over the "theft from Sony of personal information."
All Canadian PlayStation users can sign on to be part of the $1-billion damage claim, according to a news release from McPhadden Samac Tuovi.
Chester Wisniewski, a Vancouver-based senior security adviser at Sophos Canada, said the latest development involving Sony's online entertainment division, taken together with PlayStation breach, is a massive headache for the company.
"The fix to their reputation is going to take a very long time. With over 100 million victims, that's pretty massive," said Wisniewski.
He warned that personal information can be used for identity theft.
Wisniewski, meanwhile, said the company has to answer for an apparent sloppy handling of customers' personal data involving a 2007 database.
"Why are there old unmaintained databases accessible, especially ones that contain people's unencrypted banking information and credit card information from four years? That's not very standard business practice to keep that kind of sensitivity around," said Wisniewski.
"It's certainly embarrassing for an organization as large as Sony, holding such personal information about over 100 million people without taking due diligence or proper care of that information."
Meanwhile, the office of Canada's privacy commissioner continues to look into the Sony case, but has not launched a formal investigation, said spokeswoman Valerie Lawton.
"We are in communication with Sony to better gauge what has taken place and what measures Sony is taking to deal with the matter."
No comments:
Post a Comment