Thursday, April 28, 2011

Q&A on Playstation Network security breach

Q: What is the PlayStation Network, and what happened to it?

A: The PlayStation Network (PSN) is a proprietary network for owners of Sony's PlayStation 3 consoles to play online games with others. PSN also offers movies and TV episodes for rent or purchase, as well as downloadable games and game demos. "The idea is you create a profile and put your credit card number in and information about yourself, so when you want to get online it verifies your identity," says Chet Wisniewski, senior security adviser at network security firm Sophos. "If you decide to buy or rent anything, they have your credit card on record and can automatically bill you."

Sony shut down PSN on April 20 after discovering that sometime April 17 to 19, an illegal breach occurred. On Tuesday, Sony announced that users' personal data was compromised, including possible credit card information.

Q: How many people are affected?

A: Sony has sold about 50 million PS3 systems and has said that it has 77 million registered accounts in 59 countries. Customers don't have to enter credit card information; they can use prepaid PSN cards sold at retail.

Q: What can users now do to protect themselves?

A: Users should replace any credit card that was on file with PSN, change passwords on any other accounts that used the same password as PSN and subscribe to an identity theft monitoring service, says Paul Judge, chief research officer for security firm Barracuda Networks.

Q: Was Sony quick enough to inform users about the theft of their data?

Sony has not managed this crisis appropriately so far, by not taking immediate and full responsibility for the problem, says Susan Fournier, an associate professor of marketing at Boston University's School of Management. "Their statements to the press actually seek to deflect blame and indicate no ownership of what has happened."

Q: What price might Sony pay in lost trust and lost customers? Should it compensate users?

Still to be seen is whether Sony "has stored enough trust reserves to get it through this crisis," Fournier says. "It is hard to come out of this and feel that the company cares about me."

The PSN relationship with users is not a simple one. "I think Sony has what we would call a communal relationship based in trust and reciprocity," she says. "The 'appropriate compensation' here is more likely attention, caring, empathy (and) specific actions that fix the problem and prevent it from happening again."

In real world costs, Sony could be on the hook for millions. According to the Ponemon Institute, the average cost of a data breach in 2010 increased to $7.2 million, with an average cost of $214 per compromised record.


Post a Comment

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Grocery Coupons