Sony Tells More About Data Breach

Sony Corp. has provided further details on the data breach that affected up to 77 million users of its PlayStation Network.

Most notably, the company disclosed that the payment card data it held was kept encrypted and separate from the other data that was affected by the breach.

Sony said in a Wednesday blog post that "we are advising you that your credit card number (excluding security code) and expiration date may have been obtained" even though it has "no evidence" that this encrypted data was stolen or misused.

Several PSN users, including an American Banker reporter, have reported recent incidents of fraud or attempted fraud on the cards they used with Sony's service. Sony and card issuers have not said that the fraud was in any way a result of the breach.

Because names and contact information were exposed, Sony warned of potential phishing attacks by scammers seeking to get more valuable information. (Similar warnings were given by Alliance Data Systems Corp.'s Epsilon marketing unit after a massive exposure of email addresses it disclosed April 1.)

The network, which provides access to games, movies, televisions shows and music, went offline last week after it was attacked by hackers.

Sony said that in response to the breach, it is moving the network's "infrastructure and data center to a new, more secure location" and "will only restore operations when we are confident that the network is secure."

For reprint and licensing requests for this article, click here.
Bank technology
MORE FROM AMERICAN BANKER