Your credit card information was encrypted, but your personal information was not.
In addition to emailing each of the 77 million PSN users to inform them that their personal information has been compromised, Sony yesterday posted a FAQ addressing the more common questions and comments. However, the company has taken things one step further, posting what appears to be the first in a series of Q&As on the official PlayStation Blog.
Q&A #1 covers a lot of the same ground as yesterday’s FAQ. That said, there are some details in there that were not previously disclosed by Sony. In response to the frequently asked question, “Was my personal data encrypted?” Sony has issued the following response:
In case you missed it yesterday, personal data compromised in the attack includes your name, address (city, state, zip), country, email address, birthdate, and PlayStation Network/Qriocity password and login and handle/PSN online ID. Sony says it’s also possible that your profile data, including purchase history and billing address (city, state, zip) was compromised. The company did not elaborate as to whether passwords and PSN/Qriocity IDs were included in the unencrypted personal data table.
Of course, the good news in all this is that credit card information, whether it was stolen or not, was encrypted. Sony says there’s no evidence to suggest that credit card info was compromised, but stresses that it can’t rule that out, and advises users to take the appropriate precautions to protect themselves against credit card fraud.
For those less worried about their personal data and more concerned with when PSN will be back online, Sony is sticking to the same statement it released yesterday:
“Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.”
Jane McEntegart works in marketing communications at Intel and was previously Manager of Content Marketing at ASUS North America. Before that, she worked for more than seven years at Tom's Guide and Tom's Hardware, holding such roles as Contributing Editor and Senior News Editor and writing about everything from smartphones to tablets and games consoles.
If I had any financial info with Sony, I would still cancel my CC, just to be safe.
It's bad enough they have the personal info, which for whatever "professional" reason was not encrypted.
One more reason to trust Sony, now that I know they have a "very sophisticated security system". Because, everyone knows, a" very sophisticated security system" is sooooo much easier to setup instead of just encrypting the f#$%^ data!
Pathetic.
"The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very useless security system that was breached in a malicious attack"
abswindows7Ghot is behind this for sure.GO GHOTI'm pretty sure that they would sue him again if it was him, and take back any settlement money if they did
SphexI'm pretty sure that they would sue him again if it was him, and take back any settlement money if they did
He didn't get "settlement money", he got the chance to not be sued by a major corporation, which is a good outcome in his situation. He also got an injunction, so if he were to be linked to this in any way, or further tampered with Sony products, he would either face SEVERE civil fines or even criminal charges. He got the chance to walk away, not doing so would be a horrible mistake.
well thats what happens when you got a big giant company that suck in security at least i will stick with microsoft for online and data protection hahaha looks like you loose sony
