PSN Fallout: Homeland Security, Privacy Commissioner investigate; banks affected

By on

The response to Sony’s PlayStation Network hack has now reached an unprecedented scale, with reports that the US Department of Homeland Security will join in investigating the breach.

“DHS’ U. S. Computer Emergency Readiness Team [US-CERT] is working with law enforcement, international partners and Sony to assess the situation,” spokesman Chris Ortman told NextGov. US-CERT is part of the National Cyber Security Division in the department, and coordinates a response to security threats.

Homeland Security will also join the FBI and 22 other US State Attorneys Generals in investigating the matter.

Also joining in investigating Sony’s attack (in a separate investigation) is the Australian Privacy Commissioner, Timothy Pilgrim, who announced on Thursday that his office will be investigating the attack.

“I am very concerned by news reports that hackers have stolen data from users of the Sony PlayStation Network. Our Office is contacting Sony seeking further information about this matter and we will be opening an own motion investigation,” he said in a comment.

“When such breaches occur it is important that organisations notify their customers promptly. This is an important step in helping to mitigate any potential impact on individuals such as the risk of identity theft and fraud.”

The news also comes with a report that Sony’s data breach could also affect credit card lenders. According to Reuters, analysts are predicting that Sony’s attack could cost them $300 million in order to replace credit cards that were taken in the attack. This is based on a price of replacing cards of US$3 to US$5, which includes postage, customer service costs and the card itself.

Sony’s PlayStation Network was abruptly taken down on April 21 – just before the Easter Weekend – and this week Sony confirmed that data was compromised in a security breach. The data includes users’ name, addresses, country, email address, birthdate and your credit card information – including billing address, and purchase history – have been obtained during the unauthorised intrusion.