Sony’s president and CEO has made a peace offering to PlayStation Network and Qriocity customers in the United States but Canadians will have to wait longer for similar compensation.
More than 100 million accounts may have been affected by a security breach that was first identified by Sony on April 19. It wasn’t until April 26 that Sony spoke publicly about the cyberattack.
The company warned that data including names, birth dates, email addresses and log-in information was compromised. Sony also said encrypted credit card data from 10 million accounts may have been accessed.
In a letter posted online, Howard Stringer acknowledged the “frustrating time” for users of the online services but said there’s been no evidence that any compromised personal information or credit cards have been misused.
He offered U.S. customers a 12-month $1 million identity theft insurance policy and said a similar offer for users in other regions would be “coming soon.”
Last week, a Sony Canada spokeswoman was quoted as saying a Canadian offer would be detailed “shortly.” She declined to provide an update when contacted Thursday.
While Sony insists there have been no reports of fraud in connection with its security breach, it is still recommending that customers follow some precautions to protect against losses.
Sony says users should change their passwords and if similar log-in data was used on other websites, those passwords should be changed too. Sony also says it will not be contacting customers asking for any personal information, and any such calls or emails would likely be made by scammers possibly trying to commit identity theft fraud.
Users should also monitor their account statements for any suspicious activity, Sony says, while other security experts have recommended that any credit cards registered with Sony should be cancelled.
On Wednesday, Canada’s privacy commissioner Jennifer Stoddart said she was disappointed that Sony did not proactively alert her office of the breach. She’s calling for new legislation that would force companies to disclose security breaches and she wants the power to impose “attention-getting fines” as a deterrent.