Updated Story: Patrick Seybold offered clarification on why Sony took as long as it did to notify PSN customers. His full statement sent to IGN is below:
Original Story: Sony said today it believes personal identification information from registered PlayStation Network users has been compromised as a result of an illegal intrusion that has shut down the service for the past week.There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident.
It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.
Sony also believes PSN logins and password information may have been illegally obtained. Patrick Seybold, Senior Director of Corporate Communications at SCEA said the company has hired a "recognized security firm" to fully investigate the matter and has strengthened the network's security in the meantime for further protection.
Sony says it believes an unauthorized person has obtained the following personal information that you provided:
- Address (city, state, zip)
- Email Address
- PlayStation Network/Qriocity password and login, and handle/PSN online ID
Seybold also says that "profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers" may have been obtained. Sub-account information may have also been compromised.
There is also "no evidence" that credit card information has been obtained, but Sony is not ruling out the possibility. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained," Seybold said.
"We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information.
"Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions."
When the PSN originally went down, users who attempted to login were met with the 80710a06 error code. Now, a message reads "PlayStation Network is currently undergoing maintenance" if a PSN login is attempted.