The NSW Police fraud squad has urged Australian users of the Sony PlayStation Network to look out for phishing emails following a data breach compromising the personal details of up to 77 million users worldwide.
According to Sony, the network was breached between 17 and 19 April, during which time data was expected to have been retrieved, including the credit card details of those who use the PlayStation. The network has since been offline for six days, with Sony failing to provide a timeframe as to when the system would be re-established.
There are reportedly more than 700,000 PlayStation network users in Australia.
NSW Police detective superintendent, Col Dyson, told Computerworld Australia that it had not received any reports of local data breaches as yet. However, he warned that the information obtained could lead to phishing and identity crime.
"My advice to users is not to respond to any unsolicited emails or telephone calls as I understand phone numbers made up part of that data," he said.
"We have been advised by financial institutions that the risk to credit cards is low but if people take their normal precautions when it comes to credit cards and examine their statements for unauthorised usage and change pin numbers on their credit cards regularly, they should be OK."
Until phishing emails start emerging, Dyson said the motive of the offenders was unknown. One theory was the group harvested the data to sell to another group, a common trend according to the fraud squad.
"People's personal information used online is vulnerable at any stage and can be harvested," said Dyson. "The only difference here is that people have been alerted to it."
The same warnings to users were issued by law enforcement agencies in other states. He said a "united response" would be available if assistance was required by overseas jurisdictions.
In addition to police efforts, Australian Privacy Commissioner, Timothy Pilgrim, has flagged an independent investigation of the breach.
In a statement, Pilgrim said he was concerned particularly by Sony’s delay in alerting users of the breach.
"Our office is contacting Sony seeking further information about this matter and we will be opening an own motion investigation," he said. "When such breaches occur it is important that organisations notify their customers promptly. This is an important step in helping to mitigate any potential impact on individuals such as the risk of identity theft and fraud.”
Sony Australia has been contacted for comment but did not respond at the time of writing.
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU