On Wednesday, I was quoted in a PCWorld story about what obligation Sony has to its customers:
"When I see something like this, I want to scream," says Florida identity theft expert Denise Richardson. "It's like a goldmine of information."
Companies in Sony's position typically respond by offering affected users a year of free credit monitoring--something any consumer in the U.S. is entitled to already. "To me, that's nothing," Richardson says. "Thieves are sitting back laughing at that."
Sony admitted that thieves gained access to databases that contained users' names, mailing address, email address, birthdate, PSN user ID with password and security questions, and possibly the user's purchase history, credit card numbers and expiration dates.
The problem here is that people equate these data thefts with a credit risk and no more. The first class action lawsuit, filed on Wednesday, asked for compensation for the costs of credit monitoring and for the time he lost access to the gaming network.
That's what really makes me want to scream! If consumers knew of the types of crimes that personal data is used for today, they wouldn't be asking for credit monitoring -- they would want services that detect, alert and restore! And if Sony (or others) were smart they would offer access to those services, as a way to ensure their customers feel less impact.
As a victim and advocate, it is frustrating to continue to read articles that play down or minimize the effects of this crime-perhaps it is time to focus on what today's ID theft is about and how individuals and businesses can reduce their risks and the blow if a data breach or fraud occurs! We need to raise awareness to the very real fact that identity theft today is about far more than your credit, as today's Sun Sentinel article points out -once again.
What Sony PSN customers should do to protect themselves
Sony customers on comment threads attached to the above mentioned PCWorld story and others, have been asking what they should do to protect themselves. Many gamers are kids and young adults who may not realize their information has been stolen until they apply for student loans or unemployment or try to buy a house and discover somebody borrowed $40,000 in their name. Thieves love to steal kids' information because they can go years without being detected.
Here's my best advice for them:
1) Change your email password and watch your email carefully. As we saw in the warnings after the Epsilon email data breach, thieves will send "phishing" email trying to get users to reveal more information.
2) Your name, birthdate and address are as valuable to thieves as your credit card info. Some of today's ID theft protection services can monitor the Internet sites where data thieves offer stolen ID info for sale. If they see your info being sold, or used to open bank accounts, buy a wireless phone service, order checks or sign up for utilities, they raise the alert.
3) Cancel the credit card attached to your PSN account. Thursday morning Sony said its credit card data had been encrypted, as if that makes everything OK. "We have no evidence that credit card data was taken," said Sony spokesperson Patrick Seybold. "The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack." If the hackers are smart enough to break through the "very sophisticated security system," they can figure out the encryption on credit card numbers! They ARE sophisticated -by now that should be clear to everyone.
4) If you use the same password for lots of different accounts, change it there too. Thieves know this and will look for other places to rob you.
I also hear people are now promoting cutting up their credit cards. UGH - and use what? Remember this key fact; debit cards are attached to your personal funds. If that number is compromised your account could be cleaned out and you may not even know until you get that first bounced check notice! We can't just stop using credit cards or online services. You can't avoid filing taxes or using your Social Security number.
Your information is out there in a million places and any one of them could be the target of the next data breach.
Businesses should ALSO learn from Sony's current nightmare. They could be one breach away from defending themselves against lawsuits, much like Sony now has to face. Another PC Magazine article goes over the steps businesses should consider to make their networks and servers less vulnerable.
One of the key ways any company owner can protect themselves is to forget the notion of, "Why would anyone want to hack into my network?" Why? Because they can. Whether you run a business making chocolate candies or handle financials for thousands of clients, taking an offensive approach against hackers, network intruders, or rogue employees out to make a few bucks for themselves, is fundamental to protecting your business.
Along with taking proper steps to secure our data, companies could show us our data is an important concern of theirs, and mitigate their own potential damages, by offering info on reduced rate ID protection/restoration services to their employees, vendors, customers, etc. BEFORE a breach and lawsuits occur. That would perhaps show they care about their customers' finances and data as much as they do their own. A key analogy to consider; locking your front door is a good security measure -but adding dead bolt is better. It's a matter of deciding to pay for additional security now -or opting to pay for it, (along with the losses) later.
Update May 3: Sony news grows worse
NEWSLETTER SIGN UP
SUBSCRIBE
CONTACT
Leave a comment