SOE Service Hacked, Sony SaysMay 3, 2011 | Parker Waichman LLP
Less than a week after it revealed the massive PlayStation Network hack, Sony has announced a new security breach involving the Sony Online Entertainment (SOE) service. Like the PlayStation Network and Qtriocity services involved in the previous hack revelation, the SOE service has been temporarily taken offline.
As a result of the SOE hack, banking and credit card information belonging to more than 23,000 customers outside the U.S. may have been compromised. In a statement released yesterday, Sony said there as no evidence its main credit card database, which is kept "in a completely separate and secured environment," was compromised. However, there is evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have been obtained.
The SOE service is used for multiplayer online games like EverQuest, Star Wars Galaxies and Matrix Online. It is a separate service from the PlayStation Network.
The Sony PlayStation Network hack, which the company announced last week, was already one of the largest security breaches in the history of the Internet. The information that may have been put at risk by the PlayStation Network hack includes customer names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, and user names, as well as online user handles, and possibly credit card related data. While Sony has claimed the credit card data was encrypted, there have been reports that hackers are trying to sell the information on underground Internet forums.
The PlayStation Network data breach occurred between April 17 and April 19, with Sony reportedly learning of the hack on the 19th. Users of the network weren't informed of the breach until last Tuesday, however, with Sony claiming it wasn't aware of its severity until Monday.
Over the weekend, Kaz Hirai, executive deputy president of Sony Corporation, apologized for the PlayStation Network security breach. Sony also said customers would receive compensation in the form of free downloadable content and a free subscription to the PlayStation Plus enhanced online premium service. Sony says customers will receive a month's free subscription to PlayStation Plus. Existing subscribers to PlayStation Plus and Qriocity will get an extra month of free service.
At least one class action lawsuit has been filed over the PlayStation Network hack. It is seeking monetary compensation for the data loss and loss of use of the Sony PlayStation Network and credit monitoring. The lawsuit, which was filed in Federal Court in the Northern District of California, claims Sony failed to take reasonable care to protect, encrypt, and secure the private and sensitive data of its users.