It was to the chagrin of PlayStation 3 owners who purchased Mortal Kombat that online network connectivity ceased the day of release, April 19. The inconvenience of a lack of free online play has taken a sinister turn, however, amidst fears personal details of up to a reported seventy-seven million users worldwide have been accessed by an "unauthorized person."

After allegedly failing to inform the public of the compromise to the network, Sony Senior Director of Corporate Communications & Social Media, Patrick Seybold, has offered an explanation of the processes the corporate giant went through during the reported missing days [via PlayStation.Blog].

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.

In an e-mail sent to PSN users, Sony offer assurances that they are undertaking several steps to rectify the situation and prevent a repeat.

Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
  • Temporarily turned off PlayStation Network and Qriocity services;
  • Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
  • Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Though Sony claim to have the situation under control, the risk to users remains, with fears the names, address, date of birth, e-mail, password, and more user details will be used in phishing attacks.

Anyone with a PlayStation Network account is advised to change all passwords, monitor credit transactions closely, and remain vigilant when receiving contact regarding sensitive information. Due to the bredth of information available to hackers who have obtained these details, users need to be aware of the dangers present, not just online, but also via conventional post, and telephone. Sony assures that they will never contact a user "asking for your credit card number, social security number or other personally identifiable information."

Additional information regarding ways users can monitor any threat and minimize damages can be found in the original e-mail, or a repost on the PlayStation Blog.

We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013

Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241

TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.

Cnet have reported that Kristopher Johns, resident of Birmingham, Alabama, is the first known case for a class-action lawsuit filed in the U.S. District Court for the Northern District of California. Litigation rests on arguments of willful negligence on the part of Sony and an alleged failure in a duty of care and professionalism [Johns v Sony].

CLASS ACTION NATIONWIDE CLASS ACTION AND REPRESENTATIVE ACTION COMPLAINT FOR (1) VIOLATION OF BUSINESS & PROFESSIONS CODE §17200; (2)VIOLATION OF BUSINESS & PROFESSIONS CODE §17500, FALSE OR MISLEADING STATEMENTS; (3) BREACH OF SONG-BEVERLY CONSUMER WARRANTY ACT;AND (4) VIOLATION OF THE CONSUMERLEGAL REMEDIES ACT; (5) BREACH OF EXPRESS CONTRACT; (6) BREACH OF IMPLIED CONTRACT; (7) VIOLATIONS OFSECURITY REQUIREMENTS FOR CUSTOMER RECORDS, CIVIL CODE §§ 1798.80 ET SEQ.; (8) NEGLIGENCE

It is in the interest of all Mortal Kombat Online users to ensure that they are familiar with potential risks and take appropriate measures to protect themselves online and offline. In many cases, these are general rules of thumb to be aware of in the information age, but additional vigilance is recommended.

MKO will endeavor to continue to monitor the story as it develops, updating accordingly. Follow @MK_Online for live updates, and the MKO forum for on-going discussion.