Information Commissioner’s Office Set To Quiz Sony

Sony issued a statement last night letting their customers know their details may very well have been compromised.  Names, addresses, date of births, PSN accounts, purchase history and credit card information was all captured by what Sony called an ‘external intrusion’.

But how safe was your data?  Eurogamer has revealed that the Information Commissioner’s Office is set to question Sony over how they stored the information, in particular the credit card information.


“The Information Commissioner’s Office takes data protection breaches extremely seriously,” the organisation told the site this morning.  “Any business or organisation that is processing personal information in the UK must ensure they comply with the law, including the need to keep data secure.”

“We are contacting Sony and will be making further enquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office,” said the ICO.

Of particular concern are the PSN passwords that are – according to some – sent in clear text and not encrypted.  Naturally we advise our readers to ensure that each and ever site or application they use has a distinct, unique password – if not, you should make steps to do so straight away, especially if your PSN password was used for anything else.

You can change your TSA password here.

And we’d echo what Sony are saying, albeit rather too late for comfort: keep an eye on your card accounts and think seriously about ID protection.



  1. Changed all my passwords a couple months ago when my email account got hacked. Thank Krishna I forgot to change it on PSN!

  2. Thankfully my passwords are all different.

    • Bank advised also. You dont realise how something as trivial as your Gaming ID is so integral to your life really? Heres hoping this gets sorted out and isnt as bad as we all fear.

      • You’re totally right, I went through my online site and back account passwords this morning and there were far more than I had expected. Probably haven’t got all of them but I’ve certainly caught those with the same password as my PSN and stored card details.

  3. “Naturally we advise our readers to ensure that each and every site or application they use has a distinct, unique password.”

    Uh, I already have enough trouble remembering the ten or st. different passwords and codes I have. If I need a different one for every single site and application, sheesh…

    • There’s an easy solution. Find letters specific to that site and stick them on the end of your current password. Say the first two letters of the site name. Should give you a unique password for each site that’s easy enough to remember.

      • unless someone works out one password and grasps this idea essentially getting all your passwords at once ;P

  4. in all, its a massive pain the arse doing it to every account I have. The thing is I could of done this 6/7 days ago instead of doing it now.

  5. I’m glad the password I used on my PSN account was unique. Guess I’ll be getting a new card. But the hackers didn’t get the security code, so is it really necessary? I hope we get more details on this ASAP.

  6. I highly recommend for a great extension. I use it to generate random passwords for all the sites I use, which is very helpful in these scenarios.

    • I agree with this, lastpass is really great

  7. I cant help but get the feeling this is all been blown out of proportion a bit…. I mean what has happened is serious don’t get me wrong but it seems like the gaming press are turning this into some massive catastrophe. Is it a slow week for releases or something, are a lot of writing staff off work this week?

    A lot of companies dealing with a larger volume of financial transactions have suffered the same thing, for example and to a lesser extent…. I didn’t see endless articles, forum posts and people sending all the goods they had brought from these places back because this happened, so why are we all so quick to tear Sony down and question their security protocols?

    What has happened is a focused determined attack by a minority intent on proving a point that has probably been lost in amongst all the news and two line updates we have had the past week. I really feel for Sony here, they have acted in our best interests, to protect further damage and all we do is moan the PSN is down, you can still play games without the PSN, not all I know, but most are still playable. The weather recently has been glorious get outside or do something else for a change, the games will still be there when you get back!

    I am sure after all the dust has settled a very small proportion of the total number of PSN accounts will have been affected. They have probably got my dummy US account registered to a pizza shop in New York!

    The other companies we deal with banks, websites etc that may be affected by our details been compromised also have security measures in place so anyone trying to use the info obtained wont get far, I am sure they are been tracked/monitored as we speak.

    Sony are to big a company and have been around to long to have a slack system in place to handle security etc. It shows the professionalism when they bring in a recognised industry leading company to assist them with the tracking and then rebuilding of the network, the cracking of the PlayStation by GeoHotz and subsequent events have a lot to answer for as I am sure this all stems from that unlocking of the system.

    I fully support the action taken so far and it wont change my attitude towards Sony or the PSN. Right rant over!

    • I’m inclined to agree, I mean who are we to assume that Sony’s security is poor or non-existent without solid knowledge.

      I think that from a PR perspective Sony could maybe have made last night’s announcement rather sooner if indeed people’s personal data has been at risk, given that data fraud may well have occurred in the time between last Wednesday and this Tuesday.

      I think perhaps it has to do with the volume of data potentially stolen, I read this morning that iTunes and Amazon are the only companies with a greater quantity of user’s credit card data stored online.

      Personally I have reset a bunch of passwords for accounts that frankly peobably should have been changed long ago, so IMHO it has led to a wise move on my part.

    • I agree with you completely. the people responsible for this “intrusion” were not out for us (the gamers) at all. it wouldnt surprise me in the least to figure out after all this noise not a single psn account was touched. in fact im almost positive thats whats going to happen…Ponder this thought for a second.. you mentioned something about how there is so much hype about this situation. could you imagine if there was no such intrusion? and it was just an excuse for sony to come back with jacked up prices for everything because of all the “time and money” spent on taking care of this problem… i know super paranoia but in this day and age it could be an excellent marketing strategy… comatoast out!

  8. I really don’t believe that the passwords are stored in plain text. That’s just plain stupid. Even for smaller and simpler applications, it’s a múst to hash any passwords.
    It would really be an epic fail if they stored it in plain text..

    • Even if you use the most basic of pre-made forums the passwords are still encrypted. User’s details aren’t but passwords certainly are.

  9. Spent the morning cancelling my cards and requesting new ones as well as changing passwords.
    Lets hope this problems gets sorted quickly, they find the people responsible and normal service resumes soon.

  10. I don’t know what scares me most- the mrs taking my card into town or criminal gangs getting hold of it!!

Comments are now closed for this post.