PSN credit card data was encrypted, 'no evidence' it was taken - Sony

PlayStation maker says that key personal info was security protected and likely not stolen, confirms cooperation with law enforcement.

As day eight of the PlayStation Network outage nears day nine, Sony has posted a new Q&A regarding the data leak that accompanied the service disruption. Two days after it said that personal information was compromised, the PlayStation maker is trying to soothe customers' fears by saying that all credit card information submitted to the PSN was encoded.

Sony says all credit card info on the PSN during the data leak was encrypted.

"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network," the company said in a statement on the official PlayStation Blog. "The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

The company said that the reason it has warned customers that their credit card data may have been stolen was out of an "abundance of caution." The company also pointed out that users' credit card security codes--often called CVC or CSC numbers--were never stored on the PSN or Sony's Qriocity media service, which was also compromised in the attack. These three-digit codes are usually necessary to make an online transaction.

The day after Reuters reported that Sony was working with the Federal Bureau of Investigation's cybercrime unit, the game giant also confirmed it is cooperating with "law enforcement." The company did not mention the FBI or any other agency by name, but it did reiterate it is also working with a "recognized technology security firm" on the matter.

Finally, Sony somewhat tempered the prediction it offered on Tuesday, when it said that some PSN services would be back up within a week. "We want to be very clear that we will only restore operations when we are confident that the network is secure," the company said.

Discussion

Load Comments