Your credit card information was encrypted, but your personal information was not.
In addition to emailing each of the 77 million PSN users to inform them that their personal information has been compromised, Sony yesterday posted a FAQ addressing the more common questions and comments. However, the company has taken things one step further, posting what appears to be the first in a series of Q&As on the official PlayStation Blog.
Q&A #1 covers a lot of the same ground as yesterday’s FAQ. That said, there are some details in there that were not previously disclosed by Sony. In response to the frequently asked question, “Was my personal data encrypted?” Sony has issued the following response:
All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.
In case you missed it yesterday, personal data compromised in the attack includes your name, address (city, state, zip), country, email address, birthdate, and PlayStation Network/Qriocity password and login and handle/PSN online ID. Sony says it’s also possible that your profile data, including purchase history and billing address (city, state, zip) was compromised. The company did not elaborate as to whether passwords and PSN/Qriocity IDs were included in the unencrypted personal data table.
Of course, the good news in all this is that credit card information, whether it was stolen or not, was encrypted. Sony says there’s no evidence to suggest that credit card info was compromised, but stresses that it can’t rule that out, and advises users to take the appropriate precautions to protect themselves against credit card fraud.
For those less worried about their personal data and more concerned with when PSN will be back online, Sony is sticking to the same statement it released yesterday:
“Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.”
Check out the Q&A here, and yesterday’s FAQ here. Stay tuned and we’ll keep you posted should FAQ #2 appear.