New York, Rhode Island AGs Look Into Sony PlayStation Network Hack

Sony, which just last month announced it was the victim of one of the largest security breaches in internet history, now faces a subpoena in New York state and questions from Rhode Island’s Attorney General over the hack. They join a growing list of officials – including members of the U.S. Congress – who have questioned Sony’s handling of the <"">PlayStation Network security breach.

As we’ve reported previously, the security breaches have hit three of Sony’s networks – the PlayStation Network, Qtriocity and Sony Online Entertainment (SOE) services. The company’s servers were hacked sometime between April 17 and 19. Sony discovered the hack of the PlayStation Network and Qtriocity services on April 19, but didn’t make a public announcement until April 26. Sony announced earlier this week that the SOE service had also been breached. The services remain offline while Sony works to improve its security.

More than 100 million people have had their personal information compromised by the attacks. About 12 million account holders worldwide had credit card information on file with the networks, but Sony can’t confirm if that information was accessed. However, various media outlets have reported that parties purporting to be the hackers have offered credit card information for sale on underground online forums.

According to The New York Times, New York Attorney General Eric Schneiderman has subpoenaed three Sony divisions – Sony Computer Entertainment America, Sony Network Entertainment and Sony Online Entertainment. The subpoena seeks information on how Sony protects customers’ personal information.

In Rhode Island, that state’s Attorney General’s office sent Sony a letter on April 28 requesting the company provide it with full disclosure of the breach and more importantly whether any Rhode Islander’s credit card information was stolen.

“Frankly, we were surprised by the lack information that came out and the time it took Sony to notify people and their first response was to put it on their website.” Mike Morrisey, Chief of Staff at the Rhode Island Attorney Generals Office, told WPRI News.

Meanwhile, Sony has sweetened its compensation offer to users of its downed networks. Initially, it only offered its customers 30 or 60 day free memberships on its PlayStation Network. But according to a new posting on the PlayStation blog, the company will now foot the bill for a year’s subscription to the AllClear ID Plus identity theft prevention service. The monitoring service includes a $1 million insurance policy to cover any losses due to identity theft.

According to the posting, Sony will be sending out activation emails for the program over the next few days, and customers will have until June 18th to sign-up and redeem their code.

Sony already faces at least two class action lawsuits over the security breach, one in the U.S. and one in Canada. Among other things, both lawsuits seek to compel Sony to pay for credit monitoring for affected customers.

This entry was posted in Consumer Fraud, Sony PlayStation Breach. Bookmark the permalink.

© 2005-2019 Parker Waichman LLP ®. All Rights Reserved.