Sony To Offer Free Identity Theft Monitoring 157
olsmeister writes "Several weeks after having the PlayStation Network hacked, and apologizing to users for the breach, Sony is offering $1 million in identity theft protection for users who sign up before June 18th. The protection is being offered through Debix and is called AllClear ID Plus. This appears to be some kind of custom plan especially for Sony, as their normal offerings are called AllClear ID Free and AllClear ID Pro."
yeah (Score:2, Troll)
Re: (Score:2)
In the case of this breach, the ramifications could be long lasting and/or not felt for a long time. Depending on the luck of the die (as there are so many ppl affected, you may not see any attempt of intrusion by them for a long time). My feeling is that this protection that Sony is offering will be for a short time and it will be a limited service. They'll offer you a certain level of protection for free but you'll have to pay for it if you want anything beyond that and that it'll be free only for a sh
Re: (Score:3)
Seconded. I got the opportunity for "free credit monitoring" after a breach at a different company. However, the online form to submit your info was unencrypted. I checked the page's source. No https anywhere. And they were asking for things that an ID thief would
Re: (Score:1)
Re: (Score:1)
Maybe he can't stand sarcasm... in that case, he probably shouldn't have come to Slashdot in the first place.
Re:yeah (Score:5, Insightful)
I think he knows that. This is Sony making a deal with a 3rd party which deals in identity theft to help out people who may be affected by the PSN hack.
Despite it being something that they should really be obliged to do after their screwup, and therefore they shouldn't be congratulated too much, it's also something that the "Sony is the devil" types around here wouldn't actually expect them to do. I think that people should at least recognise that they're doing the right thing here.
Since it seems to be official (although it could potentially be a social engineering trick by whoever hacked the network, since they presumably have the details to upload to the PSN blog, etc), and free, I probably will sign up, despite having already cancelled the card I used for PSN stuff.
Re: (Score:2)
I think he knows that. This is Sony making a deal with a 3rd party which deals in identity theft to help out people who may be affected by the PSN hack.
Despite it being something that they should really be obliged to do after their screwup, and therefore they shouldn't be congratulated too much, it's also something that the "Sony is the devil" types around here wouldn't actually expect them to do. I think that people should at least recognise that they're doing the right thing here.
Since it seems to be official (although it could potentially be a social engineering trick by whoever hacked the network, since they presumably have the details to upload to the PSN blog, etc), and free, I probably will sign up, despite having already cancelled the card I used for PSN stuff.
It isn't free, it's free for a year. That's not free, that's "Oh, well, we have this insurance in place, so we are not obligated"
It doesn't even come close to being free, but it does set a precedent for the future. Making it free for a year has the effect of sliding it by us.
And I agree, it is something they should be obliged to do, regardless of whether or not they have "screwed up", under the laws of the land. (Or what the laws should be.)
Re: (Score:2)
If I give you a free sandwich, is it also not free because I didn't give you a second one?
Re: (Score:2)
A sandwich is not insurance, it isn't even in any way like or symbolic of insurance.
It's a sandwich.
lousy analogy.
Um... If a sandwich was insurance, it wouldn't be an analogy.
You consume both, that's the analogy.
Re: (Score:1)
ID Theft? Really? (Score:4, Insightful)
What I don't understand is why everyone is so afraid of ID theft after this hack.
I'm not going to defend Sony here on any of their actions, from the reports so far it seems they really f-ed up (even though it's the actual criminal that should get primary blame), but apart from the possible CC info (which I already had replaced), what informations do(es) the hacker(s) really have? Name and Address? We do realize that for most world citizens that have the money to have bought a PS3 system, that information is already... I don't know, like everywhere? Actively being collected by hundreds if not thousands of corporations and being (legally) sold between entities throughout the world.
The only major thing is the password (though hashed, it might be retrievable with rainbow tables as I haven't read anywhere they also salted it) and the security question. Both can be a problem if you use the same one often of course. But it's not like someone has your SSN and can go open a credit in your name right? Or is it really possible in some countries to do that with just your name and address? I can't imagine, but if it is, those countries really need to rework their financial branch a.s.a.p.
Look, I'm not saying this is extremely inconvenient (cancel CC, get new one and if you didn't use a unique password / security question, change them elsewhere) and I'm pissed this happened, but being afraid of the ID theft because of this hack, seems like being afraid of dieing when you've just been stung by a bee... I'm not saying it's impossible, but seems highly unlikely. But please, if I missed something somewhere, correct me if I'm wrong.
Re: (Score:2)
We do realize that for most world citizens that have the money to have bought a PS3 system, that information is already... I don't know, like everywhere? Actively being collected by hundreds if not thousands of corporations and being (legally) sold between entities throughout the world.
I pointed this out yesterday, though I doubt most people really understood it, but all this information, except the potential CC#s and security questions, are a matter of public record for the vast majority of US citizens (can't say about the rest of the world). The lack of SSNs makes the information useful for social engineering and very little else. The security questions potentially give a little more information but I believe Sony's would pretty harmless things like "your favorite animal" and things l
Re: (Score:2)
In many cases yes, they are bundled together nicely. spokeo.com [spokeo.com] is an example of a service that can do this. Sure, maybe you have no public records, but most people do.
Let's give away our personal info again!! (Score:5, Insightful)
So, when we sign up for this (somewhat unknown) Debix service, can we look forward to our full identities being stolen in the near future?
Re:Let's give away our personal info again!! (Score:5, Funny)
Re: (Score:2)
They're not really that photogenic. To me, photogenic means there's a hot chick in her pajamas telling me to sign up for an online correspondence school.
Re: (Score:1)
Great advert. They must have photoshopped out the tenth guy stood at the end, looking angry and scared and clutching his credit cards close to his chest hoping that no-one will steal them.
Re: (Score:2)
Re: (Score:2, Offtopic)
Loving the username here :)
Re: (Score:2)
My job accidently sent a spreadsheeet out all of it's employees with our names, address, ss#, and wage.
They signed us up with Debix for 1 year as well.
Re: (Score:2)
No (Score:2)
Rights (Score:5, Insightful)
What rights am I signing away by doing this?
Re:Rights (Score:4, Interesting)
Re: (Score:2)
Re: (Score:3)
It's like training your dog, if it poos in the house, you discipline it, you don't throw it out.
And for people like me who have a big catalogue of games for the PS3 don't want to throw them out.
Re: (Score:2)
Sounds like you have some things to list on eBay or Craigslist to me.
Seriously, are you going to keep feeding this company? Okay, you spent money -- a lot of money. At what point would you consider Sony "too much" to continue dealing with? How bad would it have to get? Or perhaps you are afraid to let go like the way people are in a bad marriage?
Games are NOT an investment. Once you spend that money, it's only worth what you can resell it for.
Re: (Score:2)
I see you lack the concept of "replay value". Some people like playing games more than once, especially sandbox games and games with level editors.
Re: (Score:2)
Re:dog (Score:2)
Except Sony bit Geohotz, and it peed on our file registry's. It doesn't play well with the other pets. Yeah, ditch it!
Re: (Score:2)
It's like training your dog, if it poos in the house, you discipline it, you don't throw it out.
Suing SONY and given them a fine are two different things. Here's a better example. If my neighbor hits my parked car and I sue him, I don't see why I would want to associate with him anymore. And on the other side of the coin, my neighbor might want me to sign a waiver before I come over to his house for fear that I'll sue him again.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I'd throw out the poo. Disciplined poo is still poo.
Re: (Score:2, Insightful)
Why would someone who wants to sue SONY for incompetence want to keep using their products?
Sony users have Goldfish memory.
Re: (Score:2)
What's a ... oh look at the fishy.
Re: (Score:2)
Why would someone who wants to sue SONY for incompetence want to keep using their products?
Because it's a damned fine console?
Re:Rights (Score:5, Insightful)
This right here is what I've been waiting to see. You know there will be a new EULA. If Sony is smart, they won't include anything like that in the EULA (the last thing they need is more bad press), but I'm definitely waiting to read a lawyer's take on the EULA before I hit accept (normally I wouldn't, but in this case you know there's going to be a dozen or so breakdowns of the whole thing...and, besides, I'm too lazy to read it myself).
We really need to rework this whole EULA agreement deal. If companies are going to bombard us with new ones on a regular basis, they need to be bulleted points confined to a one page or so document. We already spent a ton of money on these dumb consoles, we shouldn't have to be required to read a 30 page legal document every time Sony decides to patch a bug in their software.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Can't be that bad, your soul belongs to Apple, your personal info to facebook and your creditcard-number to SONY.
Re: (Score:3)
Re: (Score:2)
thusly - WTF is Matt Welsh ?! [lmgtfy.com]
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
This quote has been there for a few days now though, I noticed it because I often see what random funny quote is down there.
Re: (Score:1)
Except it hasn't been switched in about a month. The fact that pedantic geeks (myself included) have waited a month to raise a fuss about it is rather unlike most slashdot users.
Insurance (Score:4, Insightful)
And a year for free!
I have the lifetime policy, I don't do business with them.
Sony finally learned from thier error! (Score:2)
They learned from their break-in. Now, Sony gets 10% of any revenue gained from the stealing of identities from their service. The finance team wouldn't let them lose this opportunity.
Does this cover everyone? (Score:3)
Not that I care as I don't own anything made by Sony.
Re: (Score:1)
The bloomberg article is pretty specific that it is for US customers only. Kind of a nice double-fuck-you for customers from the rest of the world. At least they are making sure I'm never even going to consider buying a Sony product or game again, the way they treat this issue.
Re: (Score:1)
The rest of the world doesn't need identity theft insurance, as banks are liable when they fuck up.
Re: (Score:2)
The rest of the world doesn't dish out credit to anyone who walks in and gives them a name and address, surely? Isn't that just an American tradition?
Why not click the link to http://blog.us.playstation.com/ [playstation.com] from the article and make the obvious change to the url (say to http://blog.eu.playstation.com/ [playstation.com]) to see if other regions are offering something similar if you are so curious? Why would expect an article written to an American audience would do that for you?
Re: (Score:3)
Will I need to give them my CC#??? (Score:1)
Yeah I trust SONY......
Might as well just post my CC# on 4chan
Re: (Score:2)
Compared to Sony, I consider the regulars at 4chan a gentle, civilised people.
What should they do? (Score:1)
Judging by the negative reactions already, I wonder.. what should SONY do?
Right now they're offering all sorts of stuff that usually isn't offered at all. You get a small post on a website or in (a) major newspaper(s) at best that tells you there was a breach, oopsie, and go contact your credit card issuer if you think that's a Bad Thing.
But clearly doing more than most other businesses do, isn't good enough.
So what should SONY do?
Viable options only, please. "Die in a fire" and "pay me $1M" and such I'm
Re: (Score:2)
Re: (Score:3)
Judging by the negative reactions already, I wonder.. what should SONY do?
You're new here, aren't you?
Viable options only, please. "Die in a fire" and "pay me $1M" and such I'm gonna guess aren't viable - solid arguments as to why they would be are welcomed nevertheless, they might yield a +5 Funny if nothing else.
Well, that answers my previous question...
The only thing Sony could do to please the haters is become a 100% open source Linux company, and even that's a long shot. Sony has raised the religious ire of the nerds, and only complete repentance and conversion, or ceasing to exist altogether, will suffice. Such are the non-negotiable demands of religious crusaders.
So what Sony should do is completely ignore the peanut gallery and simply do right by their *actual* customers. Catering
Re: (Score:2)
To be fair, I don't hate Sony. The only thing I've ever bought off them is my PS2 and PS3. Sure, getting hacked sucks, but I've had cards on file with places that got hacked before. It's not really that distressing or taxing to get the damages repaired (if any) or change your card number.
People like drama though, and this is giving them all the drama they want.
Freeze your credit (Score:4, Insightful)
As a victim of Identity Theft, I'd recommend to the people impacted by the Sony debacle (or any other ID breach) to freeze your credit. It costs (in New York, varies in other states) $5 per credit company per person. There are 3 major companies, thus $15 per person. Of course, this fee might be waived if you are a victim of ID theft. Details (and state specific fees) can be found here: http://www.consumersunion.org/campaigns/learn_more/003484indiv.html
Once frozen, nobody can check your credit or open new lines of credit. If you need to allow this action (e.g. because you are buying a car or applying for a job which requires a background check), you can temporarily unfreeze your credit. You can even specify who the temporary unfreeze applies to and for how long. (For example, "Friendly Car Loans can read my credit file from May 6th through May 20th.")
Of course, the credit bureaus don't like you freezing your credit because it means you can't sign up for those "Save 5% on your purchase by opening a credit card with us today" store cards. It also means they can't sell your credit information to other companies. But, honestly, those negatives for them are just more pluses for us.
Re: (Score:2)
You have to spend money to temporarily lift the freeze. This is just a moneymaking proposal. Further, in California people over the age of 65 get half off the fees. Fuck that, they're about to die anyway, *I* have my life ahead of me.
Re: (Score:2)
I agree that it's a moneymaking scheme. I believe, at one time, there was a federal law in the works that would let people freeze their credit for free, but the credit companies "convinced" the politicians that this was a bad idea. After all, if the credit companies seem to think it's their god-given right to sell your credit information to whomever they want, whenever they want and any law that makes it easy for people to say "don't do that" infringes on their "right to profit."
Re: (Score:2)
Just to clarify (after double-checking), you don't always need to spend money to temporarily lift the freeze. If you are a victim of ID theft, then many states will let you freeze/thaw for free. Of course, state laws vary. If your state requires $$$ for temporary thaws, contact your state representatives and demand that they make it free. If enough people do this, we can push back against the credit companies who would love to see roadblocks put in place against people freezing their credit.
On the other
Re: (Score:2)
In some states, you have to spend money to temporarily lift a freeze. In Tennessee, for example, placing and permanently removing a freeze costs money, but a temporary lift is free. At any rate, how much credit are you applying for that means you need to lift the freeze constantly?
A security freeze is vastly superior to a monitoring service. With the freeze, damage is prevented because the credit report is inaccessible to the creditor -- who isn't likely to open an account if they can't check the credit of
Re: (Score:1)
Re: (Score:2)
Thank you for this information. Why is not everyone doing this all the time? Seems like a useful thing to request for negligible cost.
Re: (Score:2)
Partly because it is a hassle when you need to thaw your credit. You need to think ahead and contact the appropriate agencies to thaw things out. Of course, it is a much bigger hassle to fix your credit if someone steals your identity. The other part, not to sound like a conspiracy theorist, is the credit companies. They *want* you to sign up for credit cards on impulse and they *want* to be able to give your credit information to anyone with a fist full of cash. Freezing your credit keeps this from ha
Re: (Score:2)
Is there similar info for Canada?
Re: (Score:2)
I tried looking up some, but couldn't find anything. You might try searching Experian's Canandian website or something.
Re: (Score:2)
It should be free as stated in Sony's e-mail:
- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a "fraud alert" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect
Re: (Score:2)
Fraud alerts are different than credit freezes. Fraud alerts are flags in the system that say "something fishy may or may not be going on with this account, you should check before opening lines of credit." However, actually complying with them is voluntary. Someone can still bypass the fraud alert and ruin your credit.
Security freezes completely lock out new lines of credit from forming. Nobody, not even you, can open up new credit lines until you've thawed your credit. There is no way around this. (Y
Re: (Score:2)
Correct. This is called a "Soft Pull"
There once was a time (and maybe still is with the right backdoors..) you were actually able to knock 'hard' pulls (The ones from companies checking your credit for an account, these lower your score) by getting as many soft pulls in as you could.. this worked with Transunion and Experian for a bit.
Not ID theft! (Score:2)
I know... this is old but simply needs to be repeated until people "get it." ID theft is, at the very least, a misnomer and in my opinion an outright lie.
What this all boils down to is data that can be used to access accounts with banks and lenders. They created this insecure system for THEIR convenience. Now they are calling all that data "your identity" and when someone exploits their system, it is "YOU" who are the victim somehow. This is insanity. There was a great video about identity theft and th
Re: (Score:2)
Mitchell & Webb:
http://www.youtube.com/watch?v=CS9ptA3Ya9E [youtube.com]
Re: (Score:2)
I'll reply to you with a spin on our favorite theme.
It's not identity theft... wait for it ... it's identity *INFRINGEMENT!*
No one can strip you of your identity right? (Certain prisons excepted.)
They are ... COPYING your identity! Your identity is your (ongoing) original creative work that no one can duplicate right?
So all personal details are "derivative works" of your identity!
This goes for credit cards, maybe SS #, and a lot of other things.
You "lease" Sony your card info ... so if they get hacked, they
Re: (Score:3)
No. Just doesn't fly.
The fact is, this "key information" is being used as a "key" to gain access to resources. This same "key information" is being used to assign liability for the ab/use of these resources. The personally identifiable information is copyable, true. But it is used to gain access to things that shouldn't be accessible. This has no similarity to copyright infringement. And if it did, then we are not the owners of our "copyrightable information" then are we as we do not have the right to
Why only in America? (Score:1)
I see their only offering this to the people of Northen America, what about us in Europe.
PSN still down (Score:3)
So will they be up and running by June 18th so we can sign up?
And will this be one of those "Free for one year, and then we'll start charging you $20 a month unless you remember to cancel", type things?
Re: (Score:2)
I've had this happen twice before. In both cases there was no charge once the service expired. It just stopped working.
Sony Rootkit Scandal (Score:2)
Re: (Score:2)
Only reluctant? I admire your optimism!
77 Million people affected - 1 million dollars (Score:2)
Re: (Score:2)
Re: (Score:1)
Stop the Insanity (Score:2)
My second thou
Re: (Score:2)
Name and address should not be enough to ruin your credit. The worst of the worst is someone using your credit card number fraudulently. It's a big deal, but I think the cries of rampant identity theft are a little overzealous. My government ID card has my SSAN printed on it, along with my name, and I find the potential loss of this piece of plastic to be much more devastating than Sony accidentally loosing information that you could find on a people search website for a nominal fee.
In other news... (Score:2)
...Sony discovers a way to profit off of the data theft of its customers by upselling services after a 1 year trial with two of its business partners.
Sony business practices are brilliantly Machiavellian.
Why do *we* have to take action? (Score:2)
This is Sony's fault. They should take every CC number they have, go to Visa, Discover, or MC and say. "We've had an epic data breach and we need to protect our customers. These are their card numbers. Please bill us." If they can't go directly to Visa or MC, then the first several digits encodes the issuing bank. They should then go to that bank and repeat the request fro the customers of that bank.
Re: (Score:2)
Agreed.
It would also be nice if they offered us some way of finding out what data they had for each of us too. I couldn't remember which email address I used to sign up (found out, and luckily I don't use that email address for anything else), I don't know if the credit card details they have for me are valid, if they have my address, name, etc. And I can't login to the network to find out.
Re: (Score:2)
How about you let me request a new card, instead of my card being declined at dinner because some company told Visa that my card was possibly stolen. Sounds like a great denial of service opportunity.
No thanks.
Your identity loss was a pre-existing condition (Score:2)
US only (so far) (Score:2)
"...A program for U.S. PlayStation Network and Qriocity customers..."
Hopefully they will do the same for the rest of the world too.
What a deal! (Score:2)
First the offer free identity theft, then they offer to help you monitor it for free! Sony's really pulling out all of the stops.
I got my free id theft protection offer today (Score:2)
They said all I had to provide was my PSN login ID, full name, address, phone number, credit card number, credit expiration date, credit card security code, mother's maiden name, social security number, router WEP2 password, bank account number, recent photo graph, times when I would not be home, locations of my valuables, and high res photograph of my house key.
Re:After the facts (Score:4, Insightful)
Not like that at all. Since it's a service that attempts to deal with the results of your data being stolen, not a service that attempts to stop your data being stolen in the first place. So it's more like a damp hand towel than an umbrella in that analogy.
Re: (Score:1)
Re: (Score:2)
If I have your name I can find out (almost) all of the information leaked by Sony, for a nominal fee. Probably more, because it will also include previous addresses and marriage information, among other things.
Credit card fraud is the more realistic negative affect of this event. Credit cards expire.
Did you give Sony your SSN? No? Then what's the worry?
Re: (Score:2)
You're AC so will be ignored, but you are correct.
Sony did a bad thing, and it's fun to joke about their crappy form of compensation, but really - what else should they do?
They are offering an opt-in service for a year that will monitor for and help fix issues related to identity theft and includes insurance to fix your credit if something does happen. This seems pretty fair to me.