By now almost everyone I know (and millions of people I haven't had the pleasure of meeting yet) has read or heard about Sony's announcement last week that its PlayStation network was hacked and that the Personal identifying Information (PII) of potentially 77 million individuals worldwide has been compromised. Then, earlier this week, Sony notified us that there'd been a second breach. This one involved the accounts of 25 million members of Sony Online Entertainment, which hosts the popular online game EverQuest, among other diversions. That means that the PII of more than 100 million Sony customers is now twisting in the wind. And now, a law firm in Canada has filed a class action lawsuit against Sony for more than $1 billion in damages on behalf of nearly one million Canadians.
It is a reasonable assumption that many minors inhabited both of these Sony networks. The stolen PII included names, dates of birth, email addresses, physical addresses, user IDs and passwords and at least some credit card information. Further, children or their parents might unwittingly give up additional information (or expose their computer to malware that would turn their home network into a broadcast vehicle for their financial account numbers and passwords) to a "phisher" pretending to be a legitimate Sony representative following up on the breach. Were they to give up their Social Security number, for example, someone could do quite a bit of damage, especially given children have no reason to check credit information for many years to come. Perhaps the fact that the breach was so large, and involved kids, explains why in a week that saw mile-wide deadly and horrific tornados, a US president publicly releasing his birth certificate, and precious metals prices reaching all-time highs, the PlayStation breach made the front page of the Wall Street Journal.
[Related article: As Breach Worsens, Sony Leaders Say They Knew of Security Problems]
Here's why: While, the compromise of children's identities isn't new, it certainly is a big story when it happens. It has been estimated that more than 400,000 such incidents occur each year and that number has been growing for some very good reasons. First and foremost, however vigilant most adults may be about their own identities, rarely do parents think about monitoring their children's status. A thief thereby gains something very important—precious time before any discovery of the felony occurs. Secondly, a child is very likely to have a dormant Social Security number, which presents a clear field for account creation and manipulation. Again, should the perpetrator of a phishing attack succeed in obtaining a SSN, the damage he could do setting up new, fraudulent credit accounts could go undetected for years.
Frankly, I'm not surprised that Sony was hacked. Major data breaches, many of which have been the subject of several of these columns, are occurring about once a week these days. Surely one cannot reasonably believe that Sony—or for that matter its competitors, Microsoft and Nintendo—could be immune.