Sony tells customers their personal data might be at risk

Sony began warning customers on Tuesday afternoon that their personal information may have been compromised by an attack on the PlayStation Network last week that may impact up to 77 million consumers worldwide.

The announcement, Sony’s first in-depth explanation of the attack that brought down gaming platform last week and upset millions of gamers, came on the same day Sen. Richard Blumenthal (D-Conn.) wrote to Sony demanding more information on the attack.

Sony released the statement warning customers of the that user account information was compromised between April 17 and April 19 “in connection with an illegal and unauthorized intrusion into our network.” Users’ names, addresses, email addresses, birthdates, passwords and logins have all been compromised.

“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” wrote senior corporate communications director Patrick Seybold.

“If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”

In response, Sony has shut down its servers and hired an outside firm to strengthen its security protections. They encouraged customers to remain vigilant regarding possible identity theft and noted that U.S. residents are entitled by law to one free credit report annually from each of the three major credit bureaus.

“Our teams are working around the clock on this, and services will be restored as soon as possible,” Seybold said. “Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information.”

Those measures fall short of the expectations outlined by Blumenthal in his letter, which include Sony paying for two years of free credit reports for all affected consumers as well as insurance against identity theft.

Given the scale of the incident and the current bipartisan momentum for online privacy legislation it appears likely either Congress or the Federal Trade Commission will be prompted to examine the incident further.