Sony has quite a mess on its hands. The company’s PlayStation Network and Qriocity music service were shut down last Wednesday, a move which Sony later blamed on an “external intrusion” by a hacker or hackers. Things have progressed slowly since then. It wasn’t until earlier this week that Sony warned its PSN and Qriocity users that personal data had been compromised, possibly including credit card information, though a class action suit has been filed from a group of disgruntled users who report credit card fraud.
Today brings Sony’s biggest public update on the situation yet, in the form of a Q&A posted on PlayStation Blog. In a post labeled “Q&A #1,” Sony senior director of corporate communications and social media Patrick Seybold writes, “We received a number of questions and comments yesterday and early today relating to the criminal intrusion into our network. We’d like to address some of the most common questions today.” Those questions actually started pouring in a few days earlier than specified — like the middle of last week, when this whole thing started — but answers are answers.
Regarding users’ credit card data, the Q&A reads, “The entire credit card table was encrypted and we have no evidence that credit card data was taken.” Personal data, such as user name, password and billing address, unfortunately was not encrypted, and the security system that protected the information was breached in the attack.
“While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken,” the post continues,” we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”
There’s very little else in the way of new information; even the credit card talk echoes warnings previously issued by the company. In all, roughly 77 million users have been affected, which is to say, had their personal information stolen. Even when the services are back online, Sony will have months of fallout to deal with as it tries to win back consumer confidence.
Of course, first those services will have to be brought back online. The timing of a full return to normal operating conditions is still TBD, as Sony works to create an entirely new, more secure system. “Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from [Tuesday],” the Q&A reads. “However, we want to be very clear that we will only restore operations when we are confident that the network is secure.”
- Hackers target major airline in data breach affecting nearly 10M customers
- Tumblr promises it fixed a bug that left user data exposed
- Data stolen from HealthCare.gov includes partial SSNs and immigration status
- British Airways data hack hits 380,000 recent customers
- One hacker is ‘shocked’ at vulnerabilities in the Google Home Hub