Earlier today, we received a email from the Data Protection Commissioner in regards to the PSN Breach that could have disclosed sensitive information on the members of Playstation Network.
Dear Sir,
Thank you for your email received by our office on the 26th April 2011.
“This Office is aware of the security breach incident affecting some of
Sony’s on-line services. We have made contact with Sony Ireland and sought
a report as described in the Personal Data Security Breach Code of Practice
published by the Data Protection Commissioner. We will investigate the
matter as outlined in the Code of Practice ( you can access the Code of
Practice and associated guidance:
http://www.dataprotection.ie/docs/Breach_Notification_Guidance/901.htm
We will be coordinating with other European data protection authorities
in this regard.
This Office will focus on securing the rectification of the problems that
have led to this breach and the prevention of any repeat incident. Please
note that the powers of the Commissioner do not extend to the award of
compensation.
We understand that Sony has suspended its on-line services. We recommend
that you should immediately change passwords for any web-based services,
such as e-mail accounts that use the same or similar passwords. You should
also be vigilant against spam or other attempts at fraud based on the
information gleaned from Sony’s systems. As Sony is unable to rule out the
compromise of credit card details, if you have provided credit card details
in connection to Sony’s on-line services, you should exercise particular
vigilance in regard to activity on your credit card account.
You may wish to see advice provided Sony in relation to the incident at
the following link:
http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593
Information Officer
Office of the Data Protection Commissioner
Canal House
Station Road
Portarlington
Co. Laois
Ph: 057 868 4800
E: info@dataprotection.ie
Its good to hear that the authorities are investigating the case, but as they said in the email, their powers do not extend to the award of compensation, so it is up to Sony whether or not individuals should be compensated. Hopefully those who paid for subscription services such as Qriocity and PS+ will be compensated.