As a PS3 gamer, what can I expect in the aftermath of the PSN security breach and system outage?

I’ve seen a few vague (very) details from Sony, including the free month of Playstation Plus for existing users, but I don’t know exactly what to expect and what I’ll get.

The last I read the services were to be turned on in phases starting May 1st, but here it is, the 4th, and the East Coast of the US is still dark. I gather I should change my password once I’m online, but how do I know which information is going to be encrypted going forward?

  • Is PS3 / PS4 Online Multiplayer Cross-Platform?
  • Are all PSN PSP games compatible with PS Vita?
  • Can I play Destiny without PlayStation Plus?
  • Can I rename my PSN account?
  • What happens to free games obtained through PlayStation Plus after it expires?
  • Can I download and play games from a friend's PSN account on a PS4?
  • Also, how do I join the class action lawsuit against Sony? I know many people find this gauche because the service is “free”, but I am repulsed by their inability to encrypt personal data, financials, and passwords. Totally inexcusable for a service of their size and exposure, and I want some revenge.

  • Can I have multiple PSN accounts?
  • Can one PlayStation Plus subscription be shared between multiple PSN accounts on the same machine?
  • Can I rename my PSN account?
  • Are all PSN PSP games compatible with PS Vita?
  • Bloodborne The Old Hunters purchase but no download
  • Is it possible to circumvent European censorship?
  • 2 Solutions collect form web for “As a PS3 gamer, what can I expect in the aftermath of the PSN security breach and system outage?”

    Sony has released a letter detailing what they have done and are going to do.

    What steps have you taken or do you plan to take to prevent future such
    breaches?

    The new security measures
    being implemented include the
    following:

    • Added automated software monitoring and configuration management to help
      defend against new attacks;
    • Enhanced levels of data protection and encryption;
    • Enhanced ability to detect software intrusions within the network,
      unauthorized access and unusual
      activity patterns;
    • Implementation of additional firewalls; and
    • The company also expedited a planned move of the system to a new data
      center in a different location with
      enhanced security.
    • The naming of new Chief Information Security Officer (CISO) directly
      reporting to the Chief Information
      Officer, Sony Corporation.

    Do you currently have a policy that addresses data security and retention
    practices? If not, why not? If so,
    what are those practices and do you
    plan any changes in your policies as a
    result of this breach?

    Yes, we do have policies that address
    data security and retention practices.
    Sony utilizes a global framework for
    providing policies to its group
    companies based on the international
    information security standard called
    “ISO/IEC 27001” to ensure consistent
    standard information security
    practices for each operating company.
    The Global Information Security Policy
    (“GISP”) sets forth the company’s
    information security management
    structure and administrative,
    technical and physical safeguards to
    protect the confidentiality,
    integrity, and availability of
    non-public information. The GISP also
    defines the overall direction and
    policy of Sony Group’s information
    security program and the authorities
    and responsibilities for information
    security management. Additionally,
    Sony provides a set of 14 standards,
    Global Information Security Standards
    (“GISS”), that specify the types of
    controls needed for the different
    categories of information security
    management (e.g., information
    classification, access controls and HR
    security). Continued application of
    these policies and practices, in
    addition to, an expedited move to our
    new enhanced security data facility,
    are the changes being made as a result
    of this breach.

    What steps have you taken or do you
    plan to take to mitigate the effects
    of this breach? Do you plan to offer
    any credit monitoring or other
    services to consumers who suffer
    actual harm as a result of this
    breach?

    Sony Network Entertainment America is
    committed to helping its customers
    protect their personal data and will
    offer its U.S. account holders
    complimentary identity theft
    protection services. Because the
    breach affects customers worldwide,
    different programs may be offered in
    other territories. Sony Network
    Entertainment America is also creating
    a “Welcome Back” program to be offered
    worldwide, which will be tailored to
    specific markets to provide our
    consumers with a selection of service
    options and premium content as an
    expression of the company’s
    appreciation for their patience and
    support. Central components of the
    “Welcome Back” program will include:

    • Each territory will be offering selected PlayStation entertainment
      content for free download. Specific
      details of this content will be
      announced in each region soon.
    • All consumers coming back to the PlayStation Network will be provided
      with 30 days of free membership in the
      PlayStation Plus premium subscription
      service. Current PlayStation Plus
      subscribers will have their
      subscriptions extended for the number
      of days PlayStation Network and
      Qriocity services were unavailable
      and, in addition, will receive 30 days
      of free service.
    • Music Unlimited subscribers (in countries where the service is
      available) will have their
      subscriptions extended for the number
      of days PlayStation Network and
      Qriocity services were unavailable
      and, in addition, receive 30 days of
      free service.

    Basically the same information as in Arda’s answer, but to be complete: Here is an email I just got from SOE.

    Dear Valued Sony Online Entertainment Customer:

    Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, province, zip, country), email address, gender, birthdate, phone number, login name and hashed password. Customers outside the United States and Canada should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-Canadian customer credit or debit card numbers and expiration dates (but not credit card security codes) may have also been obtained – we will be notifying each of those customers promptly.

    There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

    We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

    We apologize for the inconvenience caused by the attack and as a result, we have:

    1. Temporarily turned off all SOE game services;
    2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
    3. Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

    We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

    For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE’s services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

    To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

    We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.

    We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-866-436-6698 (Monday to Friday 15:00 to 22:00 GMT excluding holidays) should you have any additional questions.

    Sincerely,
    Sony Online Entertainment LLC

    We love Playing Games, especially Video Games.