Attorney General Peter F. Kilmartin warns consumers of potential identity theft related to a security breach at Sony that occurred between April 17 and April 19. According to Sony, personal information of more than 77 million users worldwide has been compromised when the system was hacked into earlier this month. Sony only made public the security breach this week, despite being aware of the breach since it occurred.
Tuesday, Sony announced that hackers stole personal data, including name, address (city, state, and zip code), country, email address, birth date, PlayStation Network/Qriocity password and login, and handle/PSN online ID.
It is also possible that profile data, including purchase history and billing addresses (city, state, zip code), and PlayStation Network/Qriocity password security answers may have been obtained. While there is no evidence at this time that credit card data was taken, Sony cannot rule out that possibility.
“Scam artists and identity thefts are very sophisticated. They can extract identifying information and gain access to financial information based on your buying patterns, username and password choices,” said Attorney General Peter Kilmartin. “Consumers need to be more and more vigilant and tech savvy to avoid being a victim of these security breaches.”
Attorney General Kilmartin added, “This is the second large-scale data breach in a month, impacting tens of millions of consumers, yet information on the breadth and scope of the breach is slow in making its way to the consumers. It appears Sony was aware of this massive breach but did not take immediate action to inform its loyal customers. That is unacceptable. Businesses are putting their customers at risk when then don’t disclose this information, and need to be more forthcoming when there is even the slightest risk of identity theft.”
Attorney General Kilmartin reminds consumers to be cautious of emails and phone calls from individuals and companies claiming to be Sony or affiliated with Sony contacting you about the security breach. Sony has publicly stated that the company will not call, email or contact by mail any customer regarding the security breach. Any attempt by a company or individuals to solicit information related to the security breach is a scam.
Furthermore, because it appears that email addresses were compromised, be aware of any company using email to obtain personal information for any purpose.
Consumers should follow these tips to prevent identity theft:
Change computer and website usernames and passwords
Do not follow a link to a secure site from an email; always enter the URL manually.
Do not enter your bank account number, social security number, credit card number or any other personal information in a web page that you were linked to through an email or text message.
A legitimate financial institution or entity will not ask you to provide personal identifying information in an email or ask you to verify personal identifying information in an email.
If you are worried about your account, do not respond to the email, text, or automated call. Instead, call your financial institution or entity directly from the phone number you have from your personal records, bank statement, phone book or Internet search.
Use a phishing filter.
Use anti-virus and anti-spyware software; use a firewall and update them regularly.
Review credit card and bank account statements as soon as you receive them.
If you suspect that your password on a website has been compromised, call the company immediately to change your password.
If you believe you are a victim of consumer fraud, please contact the Consumer Protection Unit at the Department of Rhode Island Attorney General at (401) 274-4400. You can download a consumer complaint form by visiting our website at www.riag.ri.gov. You can also email us at firstname.lastname@example.org.