Wednesday, May 18, 2011

Pwny

About two weeks ago, I got an "Important Customer Notification" e-mail from Sony's Online Entertainment division. At first, I dismissed it as spam, but as my mouse pointer headed for the delete button, I read the preview, and discovered that it was, in fact, a legitimate e-mail. Its purpose was to inform me that my account was one of the ones potentially accessed by the black hats in the recent highly publicized breach of Sony's systems.

At first, I couldn't remember why or how Sony would have any information of mine to give away. I don't own a PlayStation (at least not one with network connectivity; I do have an original PSX gathering dust in a box in my house somewhere), so how could my data be on Sony's servers?...Wait a minute. Back in the day, my gaming group was part of the beta test for Planetside, sometime around 2002 or so. (The game came out in retail form in 2003; I opted out at that point.) And then I thought even further back, and remembered my brief experimentation in my early 20s--not with chemicals or sexuality, but a brief three-month dip into Everquest.

At that point, I relaxed considerably. The information Sony had on me was completely obsolete--since that time, my home address, phone number, and any credit card data they may still have on file are completely changed and obsolete. But the bigger question here is why did they still have this information? How much money are they spending to warehouse out-of-date customer data that's doing them virtually no good? And how much business are they going to lose in the future when a customer like me, when deciding between a Sony and a competing product, remembers that moment of panic when they get the notification that Sony might have put my personal information at risk? To be sure, Sony should be getting all of the criticism they're receiving about their security practices. But their data retention policies appear to be getting overlooked here, and we all know what happens to people who don't learn from history.

No comments:

Post a Comment