PlayStation Network Breach Shows Government Agencies Need More Incident Data

Government IT officials who are following ongoing developments of the PlayStation breach said that more timely and granular data would help state governments protect citizens’ privacy.

by Hilton Collins / May 16, 2011

Sony’s PlayStation Network, a popular online gaming and digital media platform, is undergoing a phased restoration throughout the U.S. this week after being offline nearly one month due to a serious and massive security breach.

The hack jeopardized personal information linked to PlayStation Network’s 77 million registered user accounts, Kazuo Hirai, the head of Sony’s games division, wrote in a letter to the U.S. House of Representatives.

The high-profile incident has renewed calls for more detailed breach disclosures from the private sector. Government IT officials who are following ongoing developments of the PlayStation breach said that more timely and granular data would help state governments protect citizens’ privacy and also help government agencies protect themselves from similar cyber-attacks.

“A lot of the information that comes out in news media and from law enforcement and from the Attorney General is generic and not necessarily on point for a specific incident,” said Joanne McNabb, chief of California’s Office of Privacy Protection. “It’s a standard thing you hear: ‘There was a data breach. Well, put a fraud alert on your credit file, check your credit report.’”

McNabb thinks customers affected by the PlayStation breach may have needed more specific information. “You’d want to be putting a fraud alert and checking your credit reports if your Social Security number or your driver’s license number were involved,” she said.

But in this case, McNabb was speaking hypothetically. According to Sony, driver’s license numbers and Social Security numbers weren’t compromised. Still, plenty of personal information was exposed: each customer’s name, mailing address, country, e-mail address, birthdate, PlayStation Network password and login, online ID, profile data, purchase history, billing address and password security answers.

On Sony’s official blog, the company listed steps for consumers to take to protect themselves from identity theft. This advice included checking credit reports and issuing fraud alerts, and also accessing educational information on the U.S. Federal Trade Commission’s website.

More detailed breach information could also help governments lend a helping hand. “It would be great if every state had good information on privacy concerns for individuals,” McNabb said. It’s an issue more and more people are interested in as technologies evolve, she said.

Sandy Chalmers, administrator of Wisconsin’s Division of Trade and Consumer Protection, said that local law enforcement agencies don’t often have the time or resources to pursue cyber-criminals, so local government has a greater incentive to educate consumers about breach incidents. “It’s in government’s best interest to have best practices in place and to continually review those plans because this [threat] is only going to become more and more prevalent.”

McNabb thinks all state agencies should have access to detailed information when a serious incident like the PlayStation breach occurs. “It’s an issue that keeps coming up because it’s related to technological developments. It takes some focused attention to it to be able to provide assistance to people,” she said.

Hilton Collins

Hilton Collins is a former staff writer for Government Technology and Emergency Management magazines.
