Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Sony Hack Could Change The Way User Info Is Stored

RedEaredSlider (1855926) writes | more than 2 years ago

Network 1

RedEaredSlider (1855926) writes "The recent attack on Sony's PlayStation Network and Qriocity services may force companies to treat the personal information of its users with as much seriousness as they do credit card information..

Beth Jones, a Senior Threat Researcher at Sophos Labs, says that the recent breach of Sony's PlayStation Network may have ripple effects on regulatory control of American consumers' personal information.

The PlayStation Network was hacked last week, and Sony had to admit that users' personal details, such as email addresses, passwords and phone numbers, may have been taken. The haul of data was huge — 77 million people use the PSN.

Credit data is governed by the Payment Card Industry Data Security Standard, established in 2006. Under the standard, companies that process credit card data are must comply with a set of requirements meant to prevent data theft and fraud. "I'm wondering if the regulatory authorities will extend PCS compliancy to other information," Jones said."

Link to Original Source

cancel ×

1 comment

Sorry! There are no comments related to the filter you selected.

Institutional Stupidity!! (1)

Mephistophles (1774074) | more than 3 years ago | (#35975204)

PCI/DSS standards clearly dictate that all customer data, when "at rest" (i.e. on disk, in a database, etc.) needs to be encrypted: https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf [pcisecuritystandards.org] "Do use strong cryptography to render unreadable cardholder data that you store, and use other layered security technologies to minimize the risk of exploits by criminals" That Sony (and all the other businesses and institutions that have been hacked, left laptops to be stolen, etc.) doesn't do this is inexcusable. Had this data been properly encrypted, it would have been unusable to anyone.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>