The Sony Playstation Network or PSN has been offline for a while now. At first users were irritated that they weren’t able to play online games and watch movies via Netflix. As the outage drug on things started to look worse with Sony hinting early on that the breach was believed to have been caused by a third party. Things deteriorated when Sony finally admitted there had been a breach, and it was possible that all the user’s account data was stolen including the credit card information.
Sony says at this point it has no indication that user credit card data was stolen. However, Application Security CTO Josh Shaul said, “They [Sony] indicated that they’re worried about it, which is probably a very strong indication that everything was stolen.” Sony has said that purchase history and credit card details “may” have been stolen but the three-digit security code wasn’t. The lack of that three digit code will do very little to protect anyone whose credit card details were stolen.
Forbes reports that if the hacker or hackers responsible for the heist were successful in getting the credit card data this would be one of the biggest known thefts of financial data. Sony is already facing class action suits over the breach, and that is only a fraction of the monetary liability Sony could have in the incident. The Ponemon Institute says that the estimated cost per record of a data breach in 2010 resulting from malicious action was $318 per compromised record. With 77 million user accounts, exposed Sony is looking at $24 billion in possible expenses.