Sony To Offer Free Identity Theft Monitoring

olsmeister writes "Several weeks after having the PlayStation Network hacked, and apologizing to users for the breach, Sony is offering $1 million in identity theft protection for users who sign up before June 18th. The protection is being offered through Debix and is called AllClear ID Plus. This appears to be some kind of custom plan especially for Sony, as their normal offerings are called AllClear ID Free and AllClear ID Pro."

yeah

[frozentier]

I'd trust Sony with protecting (or arranging protection of) my identity...

Re:yeah

I really can't stand some people here.

Re:yeah

[Tsingi]

I think that was sarcasm.

Re:yeah

Maybe he can't stand sarcasm... in that case, he probably shouldn't have come to Slashdot in the first place.

Re:yeah

[somersault]

I think he knows that. This is Sony making a deal with a 3rd party which deals in identity theft to help out people who may be affected by the PSN hack.

Despite it being something that they should really be obliged to do after their screwup, and therefore they shouldn't be congratulated too much, it's also something that the "Sony is the devil" types around here wouldn't actually expect them to do. I think that people should at least recognise that they're doing the right thing here.

Since it seems to be official (although it could potentially be a social engineering trick by whoever hacked the network, since they presumably have the details to upload to the PSN blog, etc), and free, I probably will sign up, despite having already cancelled the card I used for PSN stuff.

Re:yeah

[obergfellja]

but can you lay (with) some people here?

Re:yeah

[Tsingi]

I think he knows that. This is Sony making a deal with a 3rd party which deals in identity theft to help out people who may be affected by the PSN hack.

Despite it being something that they should really be obliged to do after their screwup, and therefore they shouldn't be congratulated too much, it's also something that the "Sony is the devil" types around here wouldn't actually expect them to do. I think that people should at least recognise that they're doing the right thing here.

Since it seems to be official (although it could potentially be a social engineering trick by whoever hacked the network, since they presumably have the details to upload to the PSN blog, etc), and free, I probably will sign up, despite having already cancelled the card I used for PSN stuff.

It isn't free, it's free for a year. That's not free, that's "Oh, well, we have this insurance in place, so we are not obligated"
It doesn't even come close to being free, but it does set a precedent for the future. Making it free for a year has the effect of sliding it by us.
And I agree, it is something they should be obliged to do, regardless of whether or not they have "screwed up", under the laws of the land. (Or what the laws should be.)

Re:yeah

[HermMunster]

In the case of this breach, the ramifications could be long lasting and/or not felt for a long time. Depending on the luck of the die (as there are so many ppl affected, you may not see any attempt of intrusion by them for a long time). My feeling is that this protection that Sony is offering will be for a short time and it will be a limited service. They'll offer you a certain level of protection for free but you'll have to pay for it if you want anything beyond that and that it'll be free only for a short period of time. This just gives the ID theft protection company a way to collect potential customer--resulting in no real protection, just a client info exchange between Sony and the ID theft protection company--worthless and expensive is what comes to mind.

And, Sony has said they'll give the PSN (et al) a free month's service, but the service is down going on a month where the customer's have paid for that month, so in the end they'll have received nothing except the service they paid for.

I certainly hope more of you will read between the lines and figure out when Sony is duping you.

Re:yeah

[berzerke]

...This just gives the ID theft protection company a way to collect potential customer--resulting in no real protection, just a client info exchange between Sony and the ID theft protection company--worthless and expensive is what comes to mind.

Seconded. I got the opportunity for "free credit monitoring" after a breach at a different company. However, the online form to submit your info was unencrypted. I checked the page's source. No https anywhere. And they were asking for things that an ID thief would need to steal me identity. I wound up walking away. Unfortunately, it wasn't a company I could boycott, because I was no longer doing business with them for unrelated reasons (a former bank).

Re:yeah

Welcome to Sony Identity Theft Monitoring.

Your identity has not yet been compromised.

You are number 7 in the queue.

Re:yeah

[node+3]

If I give you a free sandwich, is it also not free because I didn't give you a second one?

Re:yeah

[Tsingi]

A sandwich is not insurance, it isn't even in any way like or symbolic of insurance.
It's a sandwich.
lousy analogy.

Re:yeah

[node+3]

A sandwich is not insurance, it isn't even in any way like or symbolic of insurance.

It's a sandwich.

lousy analogy.

Um... If a sandwich was insurance, it wouldn't be an analogy.

You consume both, that's the analogy.

Re:yeah

[justsomebody]

hearing sony and identity protection in same sentence after all what happened => one can only be sarcastic

this news should be posted on April 1st

Re:yeah

[WorBlux]

Actually they are kind-of obliged. One million spent of ID theft prevention will prevent a much greater liability from use of those identities. They are also covering their asses in case of a class-action suit. Their defence could now be contributory negligence because those in the class failed to accept the offer of ID theft protection. They aren't doing the right thing because their particularly concerned about being right, but because the benefits of being right are obvious enough to them, and the term of time is short enough to keep corporate attention. (Usually corps are oblivious to anything more than 3-5 years out)

Let's give away our personal info again!!

[SomeoneGotMyNick]

So, when we sign up for this (somewhat unknown) Debix service, can we look forward to our full identities being stolen in the near future?

Re:Let's give away our personal info again!!

[fuzzyfuzzyfungus]

Are you calling all nine of these photogenic-but-irrelevant stock-footage models liars? For shame, cad. And they have "secure phone call" technology! That's, like, CIA shit, man. Totally trustworthy. I, for one, eagerly await the chance to enter all SSNs and CCNs into an improperly secured form when I get an email from the "s0ny h3rbal cust0mer Protection Se4vice" asking me to verify.

Re:Let's give away our personal info again!!

[Dachannien]

They're not really that photogenic. To me, photogenic means there's a hot chick in her pajamas telling me to sign up for an online correspondence school.

Re:Let's give away our personal info again!!

[somersault]

Loving the username here :)

Re:Let's give away our personal info again!!

Great advert. They must have photoshopped out the tenth guy stood at the end, looking angry and scared and clutching his credit cards close to his chest hoping that no-one will steal them.

Re:Let's give away our personal info again!!

[JackieBrown]

My job accidently sent a spreadsheeet out all of it's employees with our names, address, ss#, and wage.

They signed us up with Debix for 1 year as well.

Re:Let's give away our personal info again!!

[CraftyJack]

This is about as comforting as a carnival ride offering free tourniquets and crutches.

Re:Let's give away our personal info again!!

[trapnest]

It's harbl.

Re:Let's give away our personal info again!!

[GeorgeMonroy]

The redhead is all I need

Re:Let's give away our personal info again!!

They're not really that photogenic. To me, photogenic means there's a hot chick in her pajamas telling me to sign up for an online correspondence school.

I agree, without a hot chick in AT MOST pajamas how are we to take them seriously? They can't even get a hot chick to strip with money, and I think that really speaks to their salesmanship.

Re:Let's give away our personal info again!!

So, when we sign up for this (somewhat unknown) Debix service, can we look forward to our full identities being stolen in the near future?

Free Identity Theft, Monitoring

Re:Let's give away our personal info again!!

[king_grumpy]

The tenth security professional is busy selling data stolen from Debix.

Re:Let's give away our personal info again!!

Being male and heterosexual and desperate, I however found none of the female models even remotely hot. Company is clearly incompetent. No deal.

Rights

[swilver]

What rights am I signing away by doing this?

Re:Rights

[dunezone]

Actually this is a good point. When the PSN finally comes back on we will all be forced to change our passwords, I guarantee they will put up a new EULA that says by agreeing to this you give the right to sue us or join in a class action lawsuit. Now of course EULA have questionable legality but they will do anything to cover themselves and throwing in a few new sentences might be enough for a judge to side with Sony.

Re:Rights

[chemicaldave]

Why would someone who wants to sue SONY for incompetence want to keep using their products?

Re:Rights

[Killjoy_NL]

It's like training your dog, if it poos in the house, you discipline it, you don't throw it out.
And for people like me who have a big catalogue of games for the PS3 don't want to throw them out.

Re:Rights

[Krneki]

Why would someone who wants to sue SONY for incompetence want to keep using their products?

Sony users have Goldfish memory.

Re:Rights

[ProppaT]

This right here is what I've been waiting to see. You know there will be a new EULA. If Sony is smart, they won't include anything like that in the EULA (the last thing they need is more bad press), but I'm definitely waiting to read a lawyer's take on the EULA before I hit accept (normally I wouldn't, but in this case you know there's going to be a dozen or so breakdowns of the whole thing...and, besides, I'm too lazy to read it myself).

We really need to rework this whole EULA agreement deal. If companies are going to bombard us with new ones on a regular basis, they need to be bulleted points confined to a one page or so document. We already spent a ton of money on these dumb consoles, we shouldn't have to be required to read a 30 page legal document every time Sony decides to patch a bug in their software.

Re:Rights

EULA : SONY becomes the sole proprietor of said identity, reserves the right to change that identity to whatever the fuck they please, whenever the fuck they want, and the EULA supersedes are law in any country, anywhere, any time. Now shut up and type in your credit card number.

Re:Rights

[erroneus]

Sounds like you have some things to list on eBay or Craigslist to me.

Seriously, are you going to keep feeding this company? Okay, you spent money -- a lot of money. At what point would you consider Sony "too much" to continue dealing with? How bad would it have to get? Or perhaps you are afraid to let go like the way people are in a bad marriage?

Games are NOT an investment. Once you spend that money, it's only worth what you can resell it for.

Re:Rights

Can't be that bad, your soul belongs to Apple, your personal info to facebook and your creditcard-number to SONY.

Re:Rights

[Even+on+Slashdot+FOE]

I see you lack the concept of "replay value". Some people like playing games more than once, especially sandbox games and games with level editors.

Re:Rights

[chemicaldave]

It's like training your dog, if it poos in the house, you discipline it, you don't throw it out.

Suing SONY and given them a fine are two different things. Here's a better example. If my neighbor hits my parked car and I sue him, I don't see why I would want to associate with him anymore. And on the other side of the coin, my neighbor might want me to sign a waiver before I come over to his house for fear that I'll sue him again.

Re:Rights

[trapnest]

I wouldn't want to live next to you.

Re:Rights

[tixxit]

Seriously. If I could just diff old-eula.txt new-eula.txt I'd be as happy as a pig in poop. Instead, I'm supposed to re-read the mammoth PSN EULA every other month.

Re:Rights

[Culture20]

If it attacks you or the new baby, you put it down. Pets are only almost family. A ps3 even less so.

Re:Rights

[residieu]

In ALL CAPS. Because lawyers know you're even less likely to read it that way.

Re:Rights

[HAKdragon]

..or buying games used.

Re:Rights

[jd2112]

And like training a dog, unless you catch them at the moment they squat the discipline is completely useless.

Re:Rights

[DinDaddy]

I'd throw out the poo. Disciplined poo is still poo.

Re:Rights

[nschubach]

What's a ... oh look at the fishy.

Re:Rights

[afex]

you mean "Goldlfish memory stick PRO Duo", which means they're stuck with sony whether they can remember anything or not : (

Re:Rights

[node+3]

Why would someone who wants to sue SONY for incompetence want to keep using their products?

Because it's a damned fine console?

Insurance

[Tsingi]

If I understand this correctly, Sony will sell you insurance to the tune that, if doing business with them gets you ripped off, you get reimbursed?
And a year for free!
I have the lifetime policy, I don't do business with them.

Re:Insurance

I have the lifetime policy, I don't do business with them.

You mean you have the Lifetime Plus policy; you're also protected from initial transaction ripoff (i.e.: trading money for something made by Sony)

Sony finally learned from thier error!

[loftwyr]

They learned from their break-in. Now, Sony gets 10% of any revenue gained from the stealing of identities from their service. The finance team wouldn't let them lose this opportunity.

Well...

PPPPPP!

Does this cover everyone?

[richy+freeway]

It looks awfully like an American company for American users. What about the rest of the world?

Not that I care as I don't own anything made by Sony.

Re:Does this cover everyone?

The bloomberg article is pretty specific that it is for US customers only. Kind of a nice double-fuck-you for customers from the rest of the world. At least they are making sure I'm never even going to consider buying a Sony product or game again, the way they treat this issue.

Re:Does this cover everyone?

The rest of the world doesn't need identity theft insurance, as banks are liable when they fuck up.

Re:Does this cover everyone?

[nedlohs]

The rest of the world doesn't dish out credit to anyone who walks in and gives them a name and address, surely? Isn't that just an American tradition?

Why not click the link to http://blog.us.playstation.com/ from the article and make the obvious change to the url (say to http://blog.eu.playstation.com/) to see if other regions are offering something similar if you are so curious? Why would expect an article written to an American audience would do that for you?

Re:Does this cover everyone?

[Cochonou]

For Europe : see this link. http://blog.eu.playstation.com/2011/05/06/update-on-identity-protection-scheme/

Re:Does this cover everyone?

Why not click the link to http://blog.us.playstation.com/ [playstation.com] from the article and make the obvious change to the url (say to http://blog.eu.playstation.com/ [playstation.com])...

Tried that. There is no http://blog.ca.playstation.com/.

Re:Does this cover everyone?

as I don't own anything made by Sony.

In Sony logic, that means you still could have more (and legal too) Sony hardware and media in your home than hairs on your dog. ;)

After the facts

This is like offering you an umbrella after they pour a bucket of water over your head.

Fact: Your data is stolen and is currently being sold in underground markets!

Re:After the facts

[nedlohs]

Not like that at all. Since it's a service that attempts to deal with the results of your data being stolen, not a service that attempts to stop your data being stolen in the first place. So it's more like a damp hand towel than an umbrella in that analogy.

More Hacks

Sony gives you a free ID Theft Protection service, which will in turn, have their servers hacked next week.

Re:More Hacks

[equex]

I had to read the headline 3 times to make sure I was reading it right and then thought the same as you. This is just funny.

Re:Who the fuck is Matt Welsh?

It's the random quote that's always been at the bottom of every single page. It's switched every 15 minutes or every hour or something.

I don't know who Matt Welsh is, but his quote sucks.

Kind of pointless.

I've already changed my credit card and moved since the time long ago when they got my info, so the info that was leaked is all invalid anyways.

Re:Who the fuck is Matt Welsh?

[arielCo]

Hmm.... if there was some way to find out... if only...

Re:Who the fuck is Matt Welsh?

[arielCo]

Why? It's a question and a legitimate one, not an affirmation. Booing at these questions is what fanboyism is about.

Re:Who the fuck is Matt Welsh?

[Killjoy_NL]

This quote has been there for a few days now though, I noticed it because I often see what random funny quote is down there.

Will I need to give them my CC#???

[JohnRoss1968]

Yeah I trust SONY......
Might as well just post my CC# on 4chan

Re:Will I need to give them my CC#???

[vegiVamp]

Compared to Sony, I consider the regulars at 4chan a gentle, civilised people.

Re:Will I need to give them my CC#???

There are no "regulars" on 4chan. Every damn one of them is irregular and abnormal.

Re:Will I need to give them my CC#???

There's a valuable bit of insight to be had there, as far as which of them are gentle, civilized people.

What should they do?

[QuasiSteve]

Judging by the negative reactions already, I wonder.. what should SONY do?

Right now they're offering all sorts of stuff that usually isn't offered at all. You get a small post on a website or in (a) major newspaper(s) at best that tells you there was a breach, oopsie, and go contact your credit card issuer if you think that's a Bad Thing.

But clearly doing more than most other businesses do, isn't good enough.

So what should SONY do?

Viable options only, please. "Die in a fire" and "pay me $1M" and such I'm gonna guess aren't viable - solid arguments as to why they would be are welcomed nevertheless, they might yield a +5 Funny if nothing else.

Re:What should they do?

They could add some new features to the ps3. Add the ability to host media to other network attached devices, voip, install Other OS option maybe

Re:What should they do?

[man_the_king]

I think, that for this "Die Sony Die!!!!" lot, ANYTHING that Sony does is NEVER going to be enough.

/. is the home of the "I hate Sony, therefore they are wrong" crowd.

Re:What should they do?

[nschubach]

To be fair, I don't hate Sony. The only thing I've ever bought off them is my PS2 and PS3. Sure, getting hacked sucks, but I've had cards on file with places that got hacked before. It's not really that distressing or taxing to get the damages repaired (if any) or change your card number.

People like drama though, and this is giving them all the drama they want.

Re:What should they do?

[Lilith's+Heart-shape]

The executives should all commit seppuku. I won't believe they're sorry until they spill their fucking guts.

Re:What should they do?

[afex]

the best part is that for all the comments regarding how terrible they are and how they can't believe anyone owns anything sony, there sure seem to be a LOT of people on /. that were affected...

Re:What should they do?

[node+3]

Judging by the negative reactions already, I wonder.. what should SONY do?

You're new here, aren't you?

Viable options only, please. "Die in a fire" and "pay me $1M" and such I'm gonna guess aren't viable - solid arguments as to why they would be are welcomed nevertheless, they might yield a +5 Funny if nothing else.

Well, that answers my previous question...

The only thing Sony could do to please the haters is become a 100% open source Linux company, and even that's a long shot. Sony has raised the religious ire of the nerds, and only complete repentance and conversion, or ceasing to exist altogether, will suffice. Such are the non-negotiable demands of religious crusaders.

So what Sony should do is completely ignore the peanut gallery and simply do right by their *actual* customers. Catering to the Slashdot crowd would virtually ensure Sony's failure. It would be like someone actually going through the effort to appease the Westboro nutters. No matter what you do, you probably won't make them happy, and, even if you do, you'll have alienated everyone else.

Re:Who the fuck is Matt Welsh?

Except it hasn't been switched in about a month. The fact that pedantic geeks (myself included) have waited a month to raise a fuss about it is rather unlike most slashdot users.

Freeze your credit

[Jason+Levine]

As a victim of Identity Theft, I'd recommend to the people impacted by the Sony debacle (or any other ID breach) to freeze your credit. It costs (in New York, varies in other states) $5 per credit company per person. There are 3 major companies, thus $15 per person. Of course, this fee might be waived if you are a victim of ID theft. Details (and state specific fees) can be found here: http://www.consumersunion.org/campaigns/learn_more/003484indiv.html

Once frozen, nobody can check your credit or open new lines of credit. If you need to allow this action (e.g. because you are buying a car or applying for a job which requires a background check), you can temporarily unfreeze your credit. You can even specify who the temporary unfreeze applies to and for how long. (For example, "Friendly Car Loans can read my credit file from May 6th through May 20th.")

Of course, the credit bureaus don't like you freezing your credit because it means you can't sign up for those "Save 5% on your purchase by opening a credit card with us today" store cards. It also means they can't sell your credit information to other companies. But, honestly, those negatives for them are just more pluses for us.

Re:Freeze your credit

^THIS

I froze my credit 2 years ago and never looked back. In that time, I had to thaw it twice for mortgage refinancing, but that's it.

Credit monitoring = "we'll tell you if get robbed"
Credit freezing = "you can't get robbed"

'robbed' in this case means new lines of credit opened on your name by someone else. Regardless of any of these precautions, thieves could still run up charges on an existing line... So always read your statements!

Re:Freeze your credit

[drinkypoo]

You have to spend money to temporarily lift the freeze. This is just a moneymaking proposal. Further, in California people over the age of 65 get half off the fees. Fuck that, they're about to die anyway, *I* have my life ahead of me.

Re:Freeze your credit

Why should you have to pay for this? What did these credit bureaus do to get the right to collect all this information on you? Can I start calling up banks, say I'm from CreditMojo and ask for credit information on all their customers?

Re:Freeze your credit

[joost]

Thank you for this information. Why is not everyone doing this all the time? Seems like a useful thing to request for negligible cost.

Re:Freeze your credit

[augustusgloop]

^^^^ THIS I froze my credit (and wife's) two years ago and never looked back. I've had to thaw them a couple times for mortgage refinancing, but that's it. And in NC, setting the freezes and thawing are free, so no costs to me so far. Credit monitoring : "We'll tell you after you've been robbed" Credit freeze : "You can't get robbed" "Robbed" in this case means having someone else open a new line of credit in your name and then pollute your credit history. None of these measures will protect you from someone abusing an existing line of credit, so always check your statements!

Re:Freeze your credit

[Jason+Levine]

I agree that it's a moneymaking scheme. I believe, at one time, there was a federal law in the works that would let people freeze their credit for free, but the credit companies "convinced" the politicians that this was a bad idea. After all, if the credit companies seem to think it's their god-given right to sell your credit information to whomever they want, whenever they want and any law that makes it easy for people to say "don't do that" infringes on their "right to profit."

Re:Freeze your credit

[Jason+Levine]

Partly because it is a hassle when you need to thaw your credit. You need to think ahead and contact the appropriate agencies to thaw things out. Of course, it is a much bigger hassle to fix your credit if someone steals your identity. The other part, not to sound like a conspiracy theorist, is the credit companies. They *want* you to sign up for credit cards on impulse and they *want* to be able to give your credit information to anyone with a fist full of cash. Freezing your credit keeps this from happening. So even though it is good for you, they try to keep this option from being promoted too much. Instead they promote "Fraud Alerts" which supposedly alert you when someone opens credit lines, but is a voluntary system with no real enforcement.

Re:Freeze your credit

[Jason+Levine]

Just to clarify (after double-checking), you don't always need to spend money to temporarily lift the freeze. If you are a victim of ID theft, then many states will let you freeze/thaw for free. Of course, state laws vary. If your state requires $$$ for temporary thaws, contact your state representatives and demand that they make it free. If enough people do this, we can push back against the credit companies who would love to see roadblocks put in place against people freezing their credit.

On the other hand, the $30 per person (in California) that you spend to freeze your credit is much less than it could cost you in time/money/stress if an ID thief opens a line of credit in your name.

Re:Freeze your credit

There is a cost associated with lifting your credit to allow access.

This only works on major purchases, getting leases, attempting to issue debt to an individual over a certain limit. You can still use that person's identity (for instance) to purchase a cell phone plan, but the cell phone company would require a deposit first. That doesn't preclude you racking up debt in that person's name, it just raises the bar a bit.

Honestly I lift my credit probably 3 times a year (call it a hundred bucks a year) but it's the difference between having a firewall for your credit, and not.

Re:Freeze your credit

[FreelanceWizard]

In some states, you have to spend money to temporarily lift a freeze. In Tennessee, for example, placing and permanently removing a freeze costs money, but a temporary lift is free. At any rate, how much credit are you applying for that means you need to lift the freeze constantly?

A security freeze is vastly superior to a monitoring service. With the freeze, damage is prevented because the credit report is inaccessible to the creditor -- who isn't likely to open an account if they can't check the credit of the requestor. Monitoring services just let you know you're screwed, and then you have to go and determine the extent of the damage, file a police report, and try to repair what's been done. This is substantially more unpleasant than just freezing your credit file.

Re:Freeze your credit

[alexo]

Is there similar info for Canada?

Re:Freeze your credit

As a victim of Identity Theft, I'd recommend to the people impacted by the Sony debacle (or any other ID breach) to freeze your credit. It costs (in New York, varies in other states) $5 per credit company per person. There are 3 major companies, thus $15 per person. Of course, this fee might be waived if you are a victim of ID theft. Details (and state specific fees) can be found here: http://www.consumersunion.org/campaigns/learn_more/003484indiv.html

Once frozen, nobody can check your credit or open new lines of credit. If you need to allow this action (e.g. because you are buying a car or applying for a job which requires a background check), you can temporarily unfreeze your credit. You can even specify who the temporary unfreeze applies to and for how long. (For example, "Friendly Car Loans can read my credit file from May 6th through May 20th.")

Of course, the credit bureaus don't like you freezing your credit because it means you can't sign up for those "Save 5% on your purchase by opening a credit card with us today" store cards. It also means they can't sell your credit information to other companies. But, honestly, those negatives for them are just more pluses for us.

Don't forget the fact that although the three credit bureaus will still rate your credit, for any big purchase you don't have a prayer. Fact is if you, personally run your credit three times per month for three months you just dropped your credit score ten points, do that for a year and you just dropped forty points add a "fraud alert" and unless you have enough cash not to ever have to use credit (even for big purchases), the only credit you will be eligible for is a payday loan @ the local cash and go. Banks are already hoarding tax money they should be lending and if you give them an excuse to not lend to a little fish like anyone but Warren Buffett, they will take it. On a side note, and to that end, why is no one talking about the fact that $ony is begging the Justice Dept. and the FBI for help? This is troublesome and the reasons are two-fold. First they effectively paid about 5% of their profit on US taxes in fiscal year 2009 but are asking for what is effectively taxpayer help in investigating a crime that they were at least negligent in allowing this to happen and at worst culpable. Secondly, why on earth isn't any politician pointing this fact out?
Before you answer the previous question, I know the answer, and I dont want to argue the politics of this. I do however ask the question, why not force both $ony and M$ to allow third party and INDEPENDENT network service providers on their platforms? Surely they should be happy with the effective Monopoly/oligopoly that they have in the console gaming market and hardware right?

Re:Freeze your credit

Why isn't the default level of protection on my credit to have it frozen/private and only when I want to apply for something I would pay to unfreeze it temporarily and only for who I authorize for that time? For the rare occasions where people legitimately have a credit check done this seems like it would be far more efficient and less prone to fraud.

Re:Freeze your credit

[Gregorydb]

I have to agree..Freezing is the way to go, if your concerned about! Our health insurance company got hacked, and we got Debix for 2 years....i just bought a house about a week ago...I got a call, and it was for a credit check that had been run ...back in February. I feel so much safer....I actually pay one of the sites about $15 a month..and it's much more accurate, and responsive. Not 3 months later.

Re:Freeze your credit

Stop spreading false information. Checking your own credit report has absolutely no affect on the imaginary score the credit agencies place on your credit worthiness. It doesn't even show up in the report.

Re:Freeze your credit

[Eric(b0mb)Dennis]

Correct. This is called a "Soft Pull"

There once was a time (and maybe still is with the right backdoors..) you were actually able to knock 'hard' pulls (The ones from companies checking your credit for an account, these lower your score) by getting as many soft pulls in as you could.. this worked with Transunion and Experian for a bit.

Re:Freeze your credit

[AncientPC]

It should be free as stated in Sony's e-mail:

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a "fraud alert" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790

Re:Freeze your credit

[omfglearntoplay]

Don't lie, credit freeze wont affect you.

11. Will a freeze lower my credit score?
ANSWER: No.

http://www.state.nj.us/dobi/division_consumers/finance/creditfreeze.htm#11
http://www.atg.wa.gov/freeze.aspx
http://www.money-zine.com/Financial-Planning/Debt-Consolidation/Freezing-Credit-Reports/
 

Re:Freeze your credit

[Jason+Levine]

Fraud alerts are different than credit freezes. Fraud alerts are flags in the system that say "something fishy may or may not be going on with this account, you should check before opening lines of credit." However, actually complying with them is voluntary. Someone can still bypass the fraud alert and ruin your credit.

Security freezes completely lock out new lines of credit from forming. Nobody, not even you, can open up new credit lines until you've thawed your credit. There is no way around this. (Yes, theoretically, ID thief could get your information to unfreeze your credit but the likelihood of that can be reduced greatly by taking simple precautions.)

Re:Freeze your credit

[Jason+Levine]

I tried looking up some, but couldn't find anything. You might try searching Experian's Canandian website or something.

Not ID theft!

[erroneus]

I know... this is old but simply needs to be repeated until people "get it." ID theft is, at the very least, a misnomer and in my opinion an outright lie.

What this all boils down to is data that can be used to access accounts with banks and lenders. They created this insecure system for THEIR convenience. Now they are calling all that data "your identity" and when someone exploits their system, it is "YOU" who are the victim somehow. This is insanity. There was a great video about identity theft and the banking system someone linked to on youtube once. Hilarious but accurate. Some british comedy I recall. Anyone got that?

This system of convenience at our expense has got to end. It's simply ridiculous.

Re:Not ID theft!

[KMitchell]

Mitchell & Webb:

http://www.youtube.com/watch?v=CS9ptA3Ya9E

Re:Not ID theft!

[TaoPhoenix]

I'll reply to you with a spin on our favorite theme.

It's not identity theft... wait for it ... it's identity *INFRINGEMENT!*

No one can strip you of your identity right? (Certain prisons excepted.)

They are ... COPYING your identity! Your identity is your (ongoing) original creative work that no one can duplicate right?

So all personal details are "derivative works" of your identity!

This goes for credit cards, maybe SS #, and a lot of other things.

You "lease" Sony your card info ... so if they get hacked, they just allowed a copy to be infringing! Sue them for $875,000 per account!

Re:Not ID theft!

[erroneus]

No. Just doesn't fly.

The fact is, this "key information" is being used as a "key" to gain access to resources. This same "key information" is being used to assign liability for the ab/use of these resources. The personally identifiable information is copyable, true. But it is used to gain access to things that shouldn't be accessible. This has no similarity to copyright infringement. And if it did, then we are not the owners of our "copyrightable information" then are we as we do not have the right to sue for infringement. The parties who are actually and directly harmed do, however -- that would be the financial institutions involved.

Re:Not ID theft!

Yes, but we've had a word for it for a very long time: fraud. And fraud is between the fraudster and the defrauded entity. In the case of "ID theft" fraud neither of these parties is the person the fraudster was representing themselves to be. In effect, "ID theft" is a clever way to make someone else's problem your problem.

Re:dog

[TaoPhoenix]

Except Sony bit Geohotz, and it peed on our file registry's. It doesn't play well with the other pets. Yeah, ditch it!

Why only in America?

I see their only offering this to the people of Northen America, what about us in Europe.

Re:Why only in America?

Actually it is only for residents of the US. Canada and Mexico are left out as well and will likely not get anything from this.

Re:Why only in America?

Why would anyone want to pretend they come from Europe?

Re:Why only in America?

[suutar]

For Europe : see this link. http://blog.eu.playstation.com/2011/05/06/update-on-identity-protection-scheme/ (cut and pasted from someone else's reply to someone else's question)

1 year?!

[bezpredel6]

Seriously, they offer credit protection for 1 year??? Like the your personal information that they had stolen from them EXPIRES in one year or something? With all those millions of records at hand, chances are whoever has their hands on this data will not even get to you until 3-5 years from now (good luck proving then that sony had something to do with it:( )

Re:1 year?!

[Stupendoussteve]

If I have your name I can find out (almost) all of the information leaked by Sony, for a nominal fee. Probably more, because it will also include previous addresses and marriage information, among other things.

Credit card fraud is the more realistic negative affect of this event. Credit cards expire.

Did you give Sony your SSN? No? Then what's the worry?

"Sony To Offer Free Identity Theft Monitoring"

Yup...it's been stolen

PSN still down

[residieu]

So will they be up and running by June 18th so we can sign up?

And will this be one of those "Free for one year, and then we'll start charging you $20 a month unless you remember to cancel", type things?

Re:PSN still down

[Kagato]

I've had this happen twice before. In both cases there was no charge once the service expired. It just stopped working.

Re:PSN still down

So will they be up and running by June 18th so we can sign up?

And will this be one of those "Free for one year, and then we'll start charging you $20 a month unless you remember to cancel", type things?

Yes it will. You can also expect to be charged for the Debix ID protection after that one year period as well. Sony is planning to capitalize on short memories here and I think it will work. Most PS3 users are just going to get used to spending extra money every month for the same service and feel like they're getting some extra value with Debix at the same time.

Dudes, Sony is liable for your information being stolen. You do not need an ID protection service to use these products. They cannot legally offer these products without assuming aforementioned liability.

Sony Rootkit Scandal

[AnalogDiehard]

I'm not a PSN member, but after the Sony Rootkit Scandal I would be very reluctant with any software offered by Sony.

Re:Sony Rootkit Scandal

[udoschuermann]

Only reluctant? I admire your optimism!

77 Million people affected - 1 million dollars

[Agent0013]

In some reports, there were 77 million people's credit information stolen, but Sony is only setting aside 1 million dollars. Sony must be getting a really good deal on this credit monitoring they are giving out. That or they don't expect very many people to sign up for it. Sorry, it was only for the first 100,000 customers, you are out of luck.

Re:77 Million people affected - 1 million dollars

[BStroms]

Actually, it's a million dollars of insurance per customer. Of course, they're paying far less than a million per customer for that insurance, as the security company knows the average customer is going to cost them far less than that.

Re:77 Million people affected - 1 million dollars

[Agent0013]

Opps, sorry. I guess that's what happens when I don't read TFA!

Okay... what about Canada

I noticed that this is good for the US only. What about Canadians?

Stop the Insanity

[InsertCleverUsername]

My first thought when seeing yet another tale of mass identity theft is, why this is still happening so often? There are good solutions to security (I haven't seen any major banks hacked, have you?) and there's no damned reason why every business on the Net needs to store enough personal information on me to destroy my credit either. What will it take to give businesses or government (if they could be bothered to do any favors for the bottom 99% of us) the incentive to stop allowing this?

My second thought is that Sony is a bunch of asshats with a completely cavalier attitude towards their customers.

Re:Stop the Insanity

[Stupendoussteve]

Name and address should not be enough to ruin your credit. The worst of the worst is someone using your credit card number fraudulently. It's a big deal, but I think the cries of rampant identity theft are a little overzealous. My government ID card has my SSAN printed on it, along with my name, and I find the potential loss of this piece of plastic to be much more devastating than Sony accidentally loosing information that you could find on a people search website for a nominal fee.

Update - 3rd attack inbound?

At least that's what CNet heard through the grapevine.

Interesting is this:

The failure of Sony's server security has ignited investigations by the FBI, the Department of Justice, Congress, and the New York State Attorney General,

Excuse me? New York State AG? Weren't those PSN guys arguing against Hotz that they are in California and not New York??

In other news...

[LittleBigScript]

...Sony discovers a way to profit off of the data theft of its customers by upselling services after a 1 year trial with two of its business partners.

Sony business practices are brilliantly Machiavellian.

Why do *we* have to take action?

[scorp1us]

This is Sony's fault. They should take every CC number they have, go to Visa, Discover, or MC and say. "We've had an epic data breach and we need to protect our customers. These are their card numbers. Please bill us." If they can't go directly to Visa or MC, then the first several digits encodes the issuing bank. They should then go to that bank and repeat the request fro the customers of that bank.

Re:Why do *we* have to take action?

[Tomahawk]

Agreed.

It would also be nice if they offered us some way of finding out what data they had for each of us too. I couldn't remember which email address I used to sign up (found out, and luckily I don't use that email address for anything else), I don't know if the credit card details they have for me are valid, if they have my address, name, etc. And I can't login to the network to find out.

Re:Why do *we* have to take action?

[Stupendoussteve]

How about you let me request a new card, instead of my card being declined at dinner because some company told Visa that my card was possibly stolen. Sounds like a great denial of service opportunity.

No thanks.

Only in the US

Sony has yet to offer this protection to Canadians. More reason to jump on the Canadian class action lawsuit bandwagon.

ID Theft? Really?

[The13thSin]

What I don't understand is why everyone is so afraid of ID theft after this hack.

I'm not going to defend Sony here on any of their actions, from the reports so far it seems they really f-ed up (even though it's the actual criminal that should get primary blame), but apart from the possible CC info (which I already had replaced), what informations do(es) the hacker(s) really have? Name and Address? We do realize that for most world citizens that have the money to have bought a PS3 system, that information is already... I don't know, like everywhere? Actively being collected by hundreds if not thousands of corporations and being (legally) sold between entities throughout the world.

The only major thing is the password (though hashed, it might be retrievable with rainbow tables as I haven't read anywhere they also salted it) and the security question. Both can be a problem if you use the same one often of course. But it's not like someone has your SSN and can go open a credit in your name right? Or is it really possible in some countries to do that with just your name and address? I can't imagine, but if it is, those countries really need to rework their financial branch a.s.a.p.

Look, I'm not saying this is extremely inconvenient (cancel CC, get new one and if you didn't use a unique password / security question, change them elsewhere) and I'm pissed this happened, but being afraid of the ID theft because of this hack, seems like being afraid of dieing when you've just been stung by a bee... I'm not saying it's impossible, but seems highly unlikely. But please, if I missed something somewhere, correct me if I'm wrong.

Re:ID Theft? Really?

[xero314]

We do realize that for most world citizens that have the money to have bought a PS3 system, that information is already... I don't know, like everywhere? Actively being collected by hundreds if not thousands of corporations and being (legally) sold between entities throughout the world.

I pointed this out yesterday, though I doubt most people really understood it, but all this information, except the potential CC#s and security questions, are a matter of public record for the vast majority of US citizens (can't say about the rest of the world). The lack of SSNs makes the information useful for social engineering and very little else. The security questions potentially give a little more information but I believe Sony's would pretty harmless things like "your favorite animal" and things like that. Passwords are easy to change and so are CC numbers.

Basically just agreeing with you, with the added information that this is public information that can easily be looked up in freely official records.

Re:ID Theft? Really?

What about your name, address, phone number, valid e-mail address all bundled together nicely? That is available everywhere?

My cell phone number isn't publicly available where I live and since I don't have a land line I'm not listed in any phone book. Also my e-mail address, something that doesn't identify me by name now does if I had a PSN account. (Disclaimer I don't own a PS3). I diligently attempt to limit the amount of my person info that can be leaked to the outside world and therefore get very little e-mail, real world mail and phone call spam.

Having a major corp. like Sony give up people's info so easily via lax security and outdated software is rather annoying for people like me who try to keep their info out of the hands of d-bags like these "hackers". I'm glad everyone is busting Sony's balls as it gives all major companies who handle our data a wake up call, at least for the next few weeks while governments are on their asses about it.

Re:ID Theft? Really?

[Stupendoussteve]

In many cases yes, they are bundled together nicely. spokeo.com is an example of a service that can do this. Sure, maybe you have no public records, but most people do.

Does it auto-renew?

[livings124]

I wouldn't put it past Sony that this free plan auto-renews after the time period (into one of the paid plans).

Re:Who the fuck is Matt Welsh?

[Thud457]

Listen up buddy, if you're going to be a helpful jackass, proper form is to use a lmgtfy link.
thusly - WTF is Matt Welsh ?!

I can see it now...

[10101001+10101001]

User: Ack! My account!
Sony: Yeah, it was trashed by those three guys. I think they were called the "Something Brothers".
User: You were watching?
Sony: Uh-huh!
User: Then Sony, why didn't you tell me about it?
Sony: But I did tell you. I told you just now!

(Full pardons to Cowboy Bebop...)

Your identity loss was a pre-existing condition

[Fractal+Dice]

So does that make Debix a prime suspect for the hack? They are suddenly getting a large number of customers locked into their service.

US only (so far)

[Tomahawk]

"...A program for U.S. PlayStation Network and Qriocity customers..."

Hopefully they will do the same for the rest of the world too.

What a deal!

[orphiuchus]

First the offer free identity theft, then they offer to help you monitor it for free! Sony's really pulling out all of the stops.

Re:Who the fuck is Matt Welsh?

[arielCo]

I meant to do that at first following /. tradition and all, but that'd be like adding insult to ... nevermind

A tsunami of identity theft!

This article misses the real gem here, which is Howard Stinger trying to leverage the events of the tsunami in an effort to somehow generate sympathy for their screw up -

In the last few months, Sony has faced a terrible earthquake and tsunami in Japan. But now we are facing a very man-made event – a criminal attack on us — and on you — and we are working with the FBI and other law enforcement agencies around the world to apprehend those responsible.

Yeah, real sensitive there, Howard.

DEAR SONY

ENOUGH!

No

[ThatsNotPudding]

The rootkit installed as part of the service will keep your data safe.

I read..

..Sony to offer free identity theft this morning

Sony To Offer Free Identity Theft

There, fixed that for ya.

You lose your right to sue.

Pretty sure that by signing up for the monitoring you waive your right to sue / be involved in a class action suit. Same thing has happened with other data breaches -- i.e. you've already accepted their offer of remediation. Unlike what others have posted below, the new EULA means nothing if you accept this offer.

Maybe it's supposed to be a form of compensation

for maybe losing your information. It sounds an aweful lot like a corporation trying to be responsible, which is probably why it is so confusing to you Yanks.

Sony To Offer Free Identity Theft

[Pelekophori]

So does it count if Sony steal your ID? I'm thinking Sony is clever. Those rootkits weren't for nothing.

I got my free id theft protection offer today

[RexDevious]

They said all I had to provide was my PSN login ID, full name, address, phone number, credit card number, credit expiration date, credit card security code, mother's maiden name, social security number, router WEP2 password, bank account number, recent photo graph, times when I would not be home, locations of my valuables, and high res photograph of my house key.

Re:Maybe it's supposed to be a form of compensatio

[Stupendoussteve]

You're AC so will be ignored, but you are correct.

Sony did a bad thing, and it's fun to joke about their crappy form of compensation, but really - what else should they do?

They are offering an opt-in service for a year that will monitor for and help fix issues related to identity theft and includes insurance to fix your credit if something does happen. This seems pretty fair to me.