coakley sony

8/7/2019 Coakley Sony

1/3

Attorney General Martha Coakley

The Off icial Website of the Attorney General of Massachusetts

Mass.Gov

>Home

Contact:

Amie Breton(617) 727-2543

MARTHA COAKLEY

ATTORNEY GENERAL

May 04, 2011 - For immediate release:

AG Coakley Calls on Sony Network Entertainment to Provide Noticeabout its Recent Data Breach to All Massachusetts Consumers

AG Offers Guidance to Consumers on How to Protect PersonalInformation

In light of reports that the personal information of millions of its customers may have beencompromised, Attorney General Martha Coakley is calling on Sony Network Entertainment to notify all affectedMassachusetts consumers about the data breach. AG Coakley also issues the following advisory with tips for consumers to protect themselves from identity theft.

BOSTON

In written notification to the company, AG Coakleys office has informed Sony Network Entertainment that it must provide proper legal notice to affected Massachusetts residents in accordance with the Commonwealths data breachnotification statute, G.L. 93H. Specifically, Sony must provide clear and conspicuous notice of the data breach toconsumers on the main homepage of the website as well as notify all affected Massachusetts residents via electronicmail. It also must publicize the notice in media throughout the Commonwealth.

This is certainly a significant breach of personal information for millions of Sony customers, including hundreds of thousands of Massachusetts residents, AG Coakley said. While the case remains under investigation, we believeSony should immediately notify all of its Massachusetts consumers about the breach so that people can take steps to

protect themselves.

On April 26, Sony Network Entertainment announced that between April 17 and April 19, certain PlayStation Network and Qriocity service user account information was compromised in connection with an unauthorizedintrusion including name, address (city, state, zip), country, email address, birth date, PlayStation Network/Qriocity

password and login, and handle/PSN online ID. It is also possible that profile data, including purchase history and billing address (city, state, zip), and PlayStation Network/Qriocity password security answers may have beenobtained. Likewise, if a user authorized a sub-account for a dependent, the same data with respect to the dependentmay have been obtained.

While Sony Network Entertainment claims there is no evidence at this time that credit card data was taken, it hasstated that it cannot rule out that possibility. Sony Network Enterta inment acknowledges that if you have providedyour credit card data through the PlayStation Network or Qriocity, your credit card number (excluding security code)and expiration date may have been obtained.

Although Sony has posted information about this matter on its website atand provided notice via electronic mail to some Massachusetts consumers, AG Coakley is

calling upon Sony Network Entertainment to provide more clear and conspicuous notice to consumers on the mainhomepage of the website as required by Massachusetts law. AG Coakley is also calling on the company to notify allaffected Massachusetts residents via electronic mail and to publicize the notice in media throughout theCommonwealth.

http://us.playstation.com/news/consumeralerts

On May 2, 2011, Sony Online Entertainment announced that between April 16 and April 17, 2011, hackers alsogained access to Sony Online Entertainment systems and may have obtained personal customer information.Personal information consumers provided in connection with their SOE accounts may have been stolen in a cyber-attack including name, address (city, state, zip, country), email address, gender, birth date, phone number, login nameand hashed password. Sony Online Entertainment states that this time it does not believe that its main credit carddatabase was compromised. The Attorney Generals office is continuing to investigate and get more information on

http://www.mass.gov/?pageID=cagopressrelease&L=1&L0=Home&sid

5/4/2011


2/3

this matter as well.

In light of this recent news, Attorney General Martha Coakleys Office offers consumers the following information onhow to protect themselves against potential identity theft. Consumers who have PlayStation Network and Qriocityuser accounts or have used Sony Online Entertainment systems may wish to consider taking the following

precautionary steps:

1. Do no t respond to unsolicited emails, telephone calls, or mailings that ask you fo r your credit cardnumber, credit card security codes, social security numbers, or bank account numbers.

Additionally, if you use the same user name or password for your Sony servicesas you do for other unrelated services or accounts, we strongly recommend that you change them as well.

2. For all PlayStation Network, Qriocity and SOE services, it is strongly recommended that you log onand change your password.

3. Carefully review and monitor your credit card or other financial accounts for any unauthorized activityand monitor your credit reports.

4. Call one of the three major credit bureaus and place a one-call fraud alert on your credit report:

: Call (800) 525-6285, , or write: P.O. Box 740241, Atlanta, GA 30374-0241.Equifax www.equifax.com

: Call (888) 397-3742, , or write: P.O. Box 9532, Allen, TX 75013.Experian www.experian.com

: Call (800) 680-7289, , or write: Fraud Victim Assistance Division, P.O.Box 6790 Fullerton, CA 92834-6790.TransUnion www.transunion.com

You only need to call one of the three credit bureaus; the one you contact is required by law to contact the other twocredit bureaus. This one-call fraud alert will remain in your credit file for at least 90 days. When you place a fraudalert on your credit report, you are entitled to order one free credit report from each of the three nationwideconsumer reporting agencies.

Look carefully for unexplainedactivity on your credit report.

5. Order a copy of your credit report, and look for unauthorized activity.

If after reviewing your credit report you believe there is unexplained activity, you maywant to place an extended fraud alert on your credit report. In order to do this, you need to file a police reportwith your local police department, keep a copy for yourself, and provide a copy to one of the three major credit bureaus. Then an extended fraud alert can be placed on your credit file for a 7-year period.

6. If there is unexplained activity on your credit report, you may want to place an extended fraud alert onyour credit report.

Massachusetts consumers can place a security freeze on their credit reports. Inmost instances, a security freeze prohibits a credit reporting agency from releasing any information from your credit report without your written authorization. Consumers should be aware that placing a security freeze on

your credit report may delay, interfere with, or prevent the timely approval of any requests they make for newloans, credit mortgages, employment, housing or other lines of credit.

7. If there is unexplained activity on yo ur credit report, you may also want to consider placing a securityfreeze on your credit reports.

If you have been a victim of identity theft, and you provide the credit reporting agency with a valid police report, itcannot charge you to place, lift or remove a security freeze. In all other cases, a credit reporting agency may chargeyou $5 fee for each placing, temporary lifting or removing of a security freeze.

To place a security freeze on your credit report, you should send a written request to of the three nationwideconsumer reporting agencies by regular, certified or overnight mail at the addresses below:

each

P.O. Box 105788Atlanta, GA 30348

Equifax Security Freeze

P.O. Box 9554Allen, TX 75013

Experian Security Freeze

Fraud Victim Assistance DepartmentP.O. Box 6790Fullerton, CA 92834

TransUnion

In order to request a security freeze, you must:

Provide your full name (including middle initial as well as Jr., Sr., II, III, etc.,) address,

Social Security number, and date of birth;

If you have moved in the past 5 years, supply the addresses where you have lived over the prior 5 years;


5/4/2011


3/3

2011 Commonwealth of Massachusetts

Provide proof of current address such as a current utility bill or phone bill;

Send a photocopy of a government issued identification card (state drivers license or ID card, militaryidentification, etc.);

If you are a victim of identity theft, include a copy of either the police report,

investigative report, or complaint to a law enforcement agency concerning identity theft;

If you are not a victim of identity theft, include payment by check, money order or credit card (Visa, Master Card, American Express, or Discover cards only.) Do not send cash in the mail.

If you believe that you have been the victim of identity theft, you will need to take additional steps to protect your credit and your good name. For additional information, consumers may contact the Attorney Generals consumer hotline at (617) 727-8400, or view the Federal Trade Commissions identity theft resource, available at

.www.ftc.gov/idtheft/

##########


5/4/2011

coakley sony

Documents