Sony has said today that the credit card information of PlayStation Network subscribers was encrypted but that users’ personal information was not.
An update on the official PlayStation blog clarifies, “All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken.
“The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”
Yesterday, Sony Computer Entertainment New Zealand made a statement to Gameplanet:
“For the security of our valued customers, we are encouraging all account holders to be aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.”
“We regret any inconvenience to our customers and greatly appreciate the patience, understanding and goodwill of our account holders as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.”
The statement is republished in full below.
Meanwhile, New Zealand Privacy Commissioner Marie Shroff has issued the following statement:
“The intrusion into Sony's PlayStation database of personal information about its customers is a major incident affecting many people world wide, including New Zealanders. We are very concerned and are watching the issue and Sony's response closely. Some of our international partners are already investigating and we will stay in touch with them as the situation develops, to judge whether further investigation in New Zealand is warranted."
“We strongly suggest that if people had their credit card number recorded in their PlayStation account that they should let their credit card provider know. Also, they should monitor their credit card statements for unusual activity, for at least the next few months. If they are concerned, then discuss with their bank whether they should change their credit card number. Also, be wary of any approaches asking for personal information for example, by email, post or telephone. Users may soon want to change their password/access numbers on PlayStation.”
PlayStation Network customers with concerns for the privacy of their information are welcome to contact the Privacy Commission on 0800 803 909.
Statement from Sony Computer Entertainment New Zealand:
PlayStation Network and Qriocity service user account information was recently compromised in connection with an illegal and unauthorised intrusion into our network. In response to this external intrusion we have responded quickly and are behaving responsibly. Providing quality and secure entertainment services to our customers is our utmost priority.
As soon as we learned of this issue, 1) we temporarily turned off PlayStation Network and Qriocity services in order to conduct a thorough investigation and to verify the smooth and secure operation of our network services, 2) we have also engaged an outside, recognised security firm to conduct a full and complete investigation into what happened, and 3) quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide greater protection of personal information
As soon as we understood that personal details had been compromised, we commenced the process of contacting PSN registrants via email, as well as posting the information publically throughout all our online communication channels, such as our official website. We regret any inconvenience to our customers and greatly appreciate the patience, understanding and goodwill of our account holders as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
For the security of our valued customers, we are encouraging all account holders to be aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.
When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password.
Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we recommend that you change them, as well.
We thank our PSN account holders for their patience as we complete our investigation of this incident, and we regret any inconvenience.