After a week that's seen the unprecedented shutdown of the PlayStation Network for a solid week, Sony finally came forward with details about the "intrusion" earlier this week.
They weren't pretty.
According to a recent PlayStation Blog post, an "unauthorized person" may have obtained names, billing addresses, and even credit card numbers of PlayStation Network and Qriocity customers. That revelation alone is bad enough. The fact that Sony waited a full week to inform users is an astounding breach of trust.
"That's a seven day window," said John Yulzheimer, who is a Credit Expert Witness in addition to President of Consumer Education at Smartcredit.com. "Identity theft rings certainly don't need that much time."
In a situation like this, Yulzheimer told GamePro, the best strategy is "overt disclosure as quickly as possible" so that customers can take the proper steps to ensure the security of their identity, such as placing fraud alerts on credit card information. Instead, we're all left to wonder what has been happening to our personal information for the past week.
And according to Yulzheimer, the bigger problem isn't even the potential loss of credit card information. Credit cards, after all, can be canceled.
"If personal information gets out, then there's a black market for that type of information," Yulzheimer said. "It doesn't matter if it's been shut down. It's out there. And it can be traded and sold on the data black market."
So what will be the long term damage for Sony?
"Well, certainly one is trust. Sony has a decent reputation, and this doesn't do them any good," Yulzheimer told us. "And you have the liability issue if stories start filtering out about identity theft damages."
At this point, we really have no idea how much data has been leaked because Sony has been on media lockdown over this issue for the past week. But this is an issue where some transparency was needed; by keeping its customers in the dark for so long, Sony has opened them to all kinds of problems, including those described above.
Obviously, we here at GamePro are in the same boat as everyone else. We're all gamers, and we all have accounts on the PlayStation Network. Like you, we'll have to cancel our credit cards and possibly contact credit defense companies to guard against issues like identity theft.
When signing up for PSN (and Xbox Live for that matter), we offered up our personal information under the assumption that it would be safe. It's obviously worrisome that a determined hacker was able to penetrate Sony's defenses and take this information, but the damage could have been at least been controlled if they had been forthright about this last week. Instead, Sony decided to keep everyone in the dark, which is a grave disservice to its customers.
Ultimately, we all know what we're getting into every time we put our personal information out there on the Internet. But after an incident like this, one really has to wonder: who can we trust, anyway?