
Forums - Sony - VGC Official PSN/SOE Info/Updates Thread.

Mirson said:
Pristine20 said:

What amazes me most about all this is how many are already acting like their info was stolen and I bet their facebook pages already have all said info as well and chances are they also have lots of people as "friends" that they don't really know. Drama queens...


Yeah, I'm sure facebook pages have home addresses, e-mails, passwords, bank account numbers, cc, and other info for the public to see. Also, you're forgetting that not everyone who is at risk has a Facebook account.

Anyways, corporations have a duty to keep customers' information secured, and they must notify their customers in a timely manner whenever a breach occurs. Sony, on the other hand, took about a week to notify their customers, and they barely found that SOE was affected as well (almost two weeks since it happened).

Pretty sure PSN doesn't use bank account #s either. And yes, facebook potentially has all the other info. You'd be surprised how many use their birthdate as a password.

About the week notification, judging by the nature of people's response, I'd say sony was justified in waiting a week. You know why? Lots of tin foil hat wearers tend to panic for no reason. You can't release such info till you're absolutely sure that's the case. People were mad at the JP govt for withholding info on the extent of the radiation leak at fukushima. I understood why the JP govt did it when I heard of people hoarding KI in California.

I may seem like a sony bot to you but I actually agree that sony f'd up if they really didn't fully secure the data but I'm not sure what is truth from what's a rumor anymore. I also read a min ago that SOE had just laid off 200 people the week of the hack so chances are that it could be an inside job. If that's the case, I don't think any security software would've made a difference.

The most important thing is to take every situation for what it is instead of blowing it out of proportion. Is there any news of fraudulent activity on anyone's CC related to the breach as of this moment? No. Is there any news of identity theft related to the breach (IDK how this one would even be possible w/o an SSN which sony doesn't collect)? No. So why are people acting like they got robbed already?



"Dr. Tenma, according to you, lives are equal. That's why I live today. But you must have realised it by now...the only thing people are equal in is death"---Johann Liebert (MONSTER)

"WAR is a racket. It always has been.

It is possibly the oldest, easily the most profitable, surely the most vicious. It is the only one international in scope. It is the only one in which the profits are reckoned in dollars and the losses in lives"---Maj. Gen. Smedley Butler

CGI-Quality said:
Pristine20 said:

The most important thing is to take every situation for what it is instead of blowing it out of proportion. Is there any news of fraudulent activity on anyone's CC related to the breach as of this moment? No. Is there any news of identity theft related to the breach (IDK how this one would even be possible w/o an SSN which sony doesn't collect)? No. So why are people acting like they got robbed already?

This bit is my main issue regarding this whole fiasco.

ditto



goforgold said:
CGI-Quality said:
Pristine20 said:

The most important thing is to take every situation for what it is instead of blowing it out of proportion. Is there any news of fraudulent activity on anyone's CC related to the breach as of this moment? No. Is there any news of identity theft related to the breach (IDK how this one would even be possible w/o an SSN which sony doesn't collect)? No. So why are people acting like they got robbed already?

This bit is my main issue regarding this whole fiasco.

ditto

same here



BOSTON / NEW YORK, May 3 (Reuters) - Sony has hired outside investigators to help clean its networks and catch the people behind a massive breach that exposed the personal data of more than 100 million video game users.  

The Japanese electronics giant has retained a team from privately held Data Forte that is led by a former special agent with the U.S. Naval Criminal Investigative Service to work alongside the FBI agents, who are thus probing the matter.

 

Sony (6758.T) (SNE.N) said on Tuesday that it has thus brought on cyber-security detectives from Guidance Software (GUID.O) and consultants from Robert Half International Inc's (RHI.N) Protiviti subsidiary to help with the clean-up.

http://translate.googleusercontent.com/translate_c?hl=de&ie=UTF-8&sl=de&tl=en&u=http://uk.reuters.com/article/2011/05/04/sony-idUKN0311649920110504&prev=_t&rurl=translate.google.com&usg=ALkJrhjC7oVU0v_tlY-JKmyyqDA6hRwJrQ



In-Kat-We-Trust Brigade!

"This world is Merciless, and it's also very beautiful"

For All News/Info related to the PlayStation Vita, Come and join us in the Official PSV Thread!

No PSN in South Africa yet :(

Was hoping to play some Demon's Souls online. It's funny, I'm at Soul level 50 and haven't experienced the online at all

:( :( :(




Today, the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce held a hearing in Washington, DC on “The Threat of Data Theft to American Consumers.”

Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to questions posed by the subcommittee about the large-scale, criminal cyber-attack we have experienced. We wanted to share those answers with you (click here).

In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles:

  1. Act with care and caution.
  2. Provide relevant information to the public when it has been verified.
  3. Take responsibility for our obligations to our customers.
  4. Work with law enforcement authorities.

We also informed the subcommittee of the following:

  • Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
  • We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
  • By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
  • As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
  • Protecting individuals’ personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
  • We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.

We told the subcommittee about our intent to offer complimentary identity theft protection to U.S. account holders and detailed the “Welcome Back” program that includes free downloads, 30 days of free membership in the PlayStation Plus premium subscription service; 30 days of free service for Music Unlimited subscribers; and extending PlayStation Plus and Music Unlimited subscriptions for the number of days services were unavailable.

We are working around the clock to have some PlayStation Network services restored and we’ll be providing specific details shortly. We hope this update is helpful to you, and we will continue to keep you posted as we work to restore our network and provide you with both the entertainment and the security you deserve.

http://blog.us.playstation.com/2011/05/04/sonys-response-to-the-u-s-house-of-representatives/



source

House hearing blasts Sony's "half-hearted, half-baked" hack response

Despite suffering massive breaches that made national news, neither Sony nor Epsilon showed up to a House hearing on data theft this morning—the predictable result of which was that both firms were just trashed in absentia.

Rep. Mary Bono Mack (R-CA), chair of the Subcommittee on Commerce, Manufacturing, and Trade, opened the hearing with a sustained attack on both companies. After saying that both Sony and Epsilon were also "victims," Bono Mack stopped sympathizing with the firms. And she made clear that she's no fan of using "a blog" for public disclosure of a breach:

But they also must shoulder some of the blame for these stunning thefts, which shake the confidence of everyone who types in a credit card number and hits "enter"…

As Chairman of this Subcommittee, I am deeply troubled by these latest data breaches, and the decision by both Epsilon and Sony not to testify today. This is unacceptable.

According to Epsilon, the company did not have time to prepare for our hearing—even though its data breach occurred more than a month ago. Sony, meanwhile, says it’s too busy with its ongoing investigation to appear. Well, what about the millions of American consumers who are still twisting in the wind because of these breaches? They deserve some straight answers, and I am determined to get them…

Yet for me, the single most important question is simply this: Why weren’t Sony’s customers notified sooner of the cyberattack? I fundamentally believe that all consumers have a right to know when their personal information has been compromised, and Sony - as well as all other companies—have an overriding responsibility to alert them... immediately.

In Sony’s case, company officials first revealed information about the data breach on their blog. That’s right. A blog. I hate to pile on, but—in essence—Sony put the burden on consumers to "search" for information, instead of accepting the burden of notifying them. If I have anything to do with it, that kind of half-hearted, half-baked response is not going to fly in the future.

Panelists joined in. Dr. Gene Spafford of Purdue testified that Sony's system was weak, and that those weaknesses had been revealed on security mailing lists months before the breach. According to Spafford, key parts of Sony's PlayStation Network ran on Apache servers that "were unpatched and had no firewall installed." This was reported in a forum known to be frequented by Sony employees, he said, though no changes were made in the months leading up to the attack.

Without Sony or Epsilon present, much of the hearing focused on potential data protection legislation that would create some kind of process for auditing a company's data security measures to make sure they conform to best practices. Breach notification rules were also discussed, and the Federal Trade Commission pushed for Congress to give it civil penalty authority to go after companies that lose data through carelessness; in the last 10 years, the FTC has brought cases against 34 such companies, though it is currently limited in the penalties it can seek.

Can better standards really protect against such breaches? A Secret Service investigator at the hearing said that they could, adding that in his view, 96 percent of such breaches could have been avoided through straightforward, well-known security techniques. Sophisticated hackers do exist, of course, but they are rare. If companies can simply cut off script kiddie access to their systems, it will be a big step toward better data security.



Pristine20 said:
Mirson said:
Pristine20 said:

What amazes me most about all this is how many are already acting like their info was stolen and I bet their facebook pages already have all said info as well and chances are they also have lots of people as "friends" that they don't really know. Drama queens...


Yeah, I'm sure facebook pages have home addresses, e-mails, passwords, bank account numbers, cc, and other info for the public to see. Also, you're forgetting that not everyone who is at risk has a Facebook account.

Anyways, corporations have a duty to keep customers' information secured, and they must notify their customers in a timely manner whenever a breach occurs. Sony, on the other hand, took about a week to notify their customers, and they barely found that SOE was affected as well (almost two weeks since it happened).

Pretty sure PSN doesn't use bank account #s either. And yes, facebook potentially has all the other info. You'd be surprised how many use their birthdate as a password.

About the week notification, judging by the nature of people's response, I'd say sony was justified in waiting a week. You know why? Lots of tin foil hat wearers tend to panic for no reason. You can't release such info till you're absolutely sure that's the case. People were mad at the JP govt for withholding info on the extent of the radiation leak at fukushima. I understood why the JP govt did it when I heard of people hoarding KI in California.

I may seem like a sony bot to you but I actually agree that sony f'd up if they really didn't fully secure the data but I'm not sure what is truth from what's a rumor anymore. I also read a min ago that SOE had just laid off 200 people the week of the hack so chances are that it could be an inside job. If that's the case, I don't think any security software would've made a difference.

The most important thing is to take every situation for what it is instead of blowing it out of proportion. Is there any news of fraudulent activity on anyone's CC related to the breach as of this moment? No. Is there any news of identity theft related to the breach (IDK how this one would even be possible w/o an SSN which sony doesn't collect)? No. So why are people acting like they got robbed already?

So you're saying that Sony waited a week to notify their customers because people would panic? Notifying them a week after the attack only hurts Sony because it shows how slow they are and how little they care about their customers. And the fact that they barely found out about the SOE breach, almost two weeks after it happened, is embarrassing.

The SOE hack had bank account numbers in there. Not sure if they were encrypted, but Sony has confirmed that most of the data from PSN was unencrypted, except for the credit card numbers. But then again, you can take out a new credit card with such information. I don't remember providing my SSN when I applied for a credit card from a major cc provider.

Identity theft victims don't tend to realize they've been a victim until a few months after their identities have been stolen. It takes a few months until the damage is done, and some companies don't require your SSN to take out a loan or get a credit card. They have every right to be worried.

- PS3, PS2 & PSP owner
- Forensic course taker



A summary with timeline.

source

They Knew For Six Days: The PlayStation Network Hack Timeline

According to details from Sony themselves in a letter to congressional subcommittee, Sony was aware that data had been removed from their systems six days before warning customers that accounts had been compromised. All dates and times from Sony's missive to Congress.

April 19, 2011. 4:15PM PDT – Sony Network Entertainment America (SNEA) network team detects unauthorized activity in the network of 130 servers. Specifically, machines were "rebooting when not scheduled to do so." Analysis begins.

April 20, 2011. Early Afternoon – SNEA engineers discover evidence of "unauthorized intrusion" and that data had been removed from PlayStation Network servers. PlayStation Network shut down by engineers, taking 77 million registered PlayStation Network and Qriocity accounts offline. Sony retains service of computer security and forensic consulting firm.

April 21, 2011 – Sony retains services of second computer security and forensic consulting firm.

April 22, 2011 – Nine of ten compromised servers are mirrored by Sony and security firms. Sony Computer Entertainment America (SCEA) general counsel provides FBI with information about the intrusion. A meeting with the FBI is scheduled for Wednesday, April 27th, 2011. Sony acknowledges on their blog that their system had an "external intrusion", but mentions nothing about the loss of data and issues no warning to customers.

April 23, 2011. Afternoon – Forensic teams confirm that intruders used "very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside the server."

April 24, 2011. Easter Sunday – Sony retains additional forensic team with "highly specialized skills" to "determine the scope of the data theft".

April 25, 2011 – Teams confirm account details compromised, including name, address, country, email, birthdate, PlayStation Network/Qriocity password, login, handle and network ID, but remain unsure if any of the 12.3 million global credit cards stored on the servers were compromised.

April 26, 2011 – Sony Network Entertainment and Sony Computer Entertainment America provide public notice of the intrusion and alert regulatory authorities in New Jersey, Maryland, and New Hampshire.

April 27, 2011 – SCEA alerts regulatory authorities in Hawaii, Louisiana, Maine, Massachusetts, Missouri, New York, North Carolina, South Carolina, Virginia, and Puerto Rico.

May 3rd, 2011 – Sony Chairman Kaz Hirai sends letter to Congressional Subcommittee on Commerce, Manufacturing, and Trade explaining details of intrusion.



Some users are syncing trophies in Japan.

http://www.playstationjunkie.co.uk/ps3/trophies-syncd-in-japan/564/

I checked my Facebook PSN App and it shows trophies just for Japan (US and UK show nothing).

I can post pictures.

Japan ranking now is:

1. Japan PixelJunk™ Shooter 2
2. トロともりもり (some random game in JP)
3. SOCOM 4: U.S. Navy SEALs
4. GTA IV
5. NO GAME

But one hour ago GTA IV was the second in that ranking.