Sony’s recent announcement that it’s 70 million-strong PlayStation Network was hacked has left many consumers wondering what to do. According to a statement by Sony, subscribers to both its PlayStation Network and Qriocity music streaming service have had their name, physical address, email address, birthday, login name, and password stolen by an unknown hacker.
Sony also said it was possible that members’ profile data, purchase history, security questions and answers, and credit card numbers and expiration dates may have also been taken in the breach.
What should you do?
If you’ve got an account on either the PlayStation Network or Qriocity services and have provided them with your credit card information, get a new card. While Sony says there is no evidence that credit card numbers were stolen, they can’t rule it out as a possibility. While you’re generally not liable for fraudulent charges made on your account, why put yourself through the hassle of checking statements and refuting bogus charges?
First inform your credit card company – or bank if you have a debit card – that your information may have been compromised. They’ll be more than happy to send you a new card. (Keep in mind, however, that if your card is now being used to make automatic payments, you’ll have to change your card information.)
Next, file a fraud alert with one of the three major credit bureaus, Experian, TransUnion, or Equifax. A fraud alert makes it harder for anyone (including you) to get credit in your name, so it’s a great way to deal with ID theft either as a preventative measure or after it may have occurred.
With a fraud alert on file, lenders will take additional steps to verify that the person opening an account in your name is actually you. Typically, this means that you’ll have to answer a few questions about where you’ve lived in the past, or what model car you owned in 1998; things that you’ll know easily but an identity thief would have a hard time finding out.
The fraud alert is free, and lasts for 90 days. You can renew it at the end of those 90 days by filing another alert, so mark your calendars to keep from forgetting.
Note: There are many services that promise to protect your credit for a fee. Typically, these services file a fraud alert on your behalf and automatically renew it after the 90 day period. Is that worth the money they charge? You’ll have to decide for yourself. Check out our story 10 Tips for Free Identity Theft Prevention.
Next step: Change your password. If you use a unique password for the PlayStation Network and Qriocity services, then you’ll only have to change it on those two sites. But if you’re like most Americans and reuse the same password in multiple places, you’ll want to change it everywhere. This can be annoying but is important to protect your privacy and security online.
Finally, the FTC asks that you consider filing an official complaint. Complaints are included in a national database and can assist the FTC and law enforcement agencies in finding those responsible for stealing your information. Complaints can be easily filed online in about 5 minutes by visiting www.ftccomplaintassistant.gov.
For additional help, the FTC has set up an identity theft site that can provide you with more information, as well as links to your state’s specific identity protection laws if available, at www.ftc.gov/idtheft.
More information on the breach can be found on Sony’s Consumer Alert page or by calling them directly at 1-800-345-7669.
Direct links to file a fraud alert
- Experian - https://www.experian.com/consumer/cac/FCRegistration.do?alertType=INITIAL_ALERT
- Equifax - https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp
- TransUnion - http://www.transunion.com/corporate/personal/fraudIdentityTheft/fraudPrevention/fraudAlert.page