Sony: Some PSN Personal Info Wasn't Encrypted

In addition to emailing each of the 77 million PSN users to inform them that their personal information has been compromised, Sony yesterday posted a FAQ addressing the more common questions and comments. However, the company has taken things one step further, posting what appears to be the first in a series of Q&As on the official PlayStation Blog.

Q&A #1 covers a lot of the same ground as yesterday’s FAQ. That said, there are some details in there that were not previously disclosed by Sony. In response to the frequently asked question, “Was my personal data encrypted?” Sony has issued the following response:

In case you missed it yesterday, personal data compromised in the attack includes your name, address (city, state, zip), country, email address, birthdate, and PlayStation Network/Qriocity password and login and handle/PSN online ID. Sony says it’s also possible that your profile data, including purchase history and billing address (city, state, zip) was compromised. The company did not elaborate as to whether passwords and PSN/Qriocity IDs were included in the unencrypted personal data table.

Of course, the good news in all this is that credit card information, whether it was stolen or not, was encrypted. Sony says there’s no evidence to suggest that credit card info was compromised, but stresses that it can’t rule that out, and advises users to take the appropriate precautions to protect themselves against credit card fraud.

For those less worried about their personal data and more concerned with when PSN will be back online, Sony is sticking to the same statement it released yesterday:

“Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.”

Check out the Q&A here, and yesterday’s FAQ here. Stay tuned and we’ll keep you posted should FAQ #2 appear.

Jane McEntegart works in marketing communications at Intel and was previously Manager of Content Marketing at ASUS North America. Before that, she worked for more than seven years at Tom's Guide and Tom's Hardware, holding such roles as Contributing Editor and Senior News Editor and writing about everything from smartphones to tablets and games consoles.

  • Sphex
    Wow Sony, hurry up! I don't have a life, so I can't deal with this!! :]
  • rasagul
    I'm not even a console gamer but if they ever catch the group behind this they need to tie rabid ferrets to their genitals.
  • Hupiscratch
    Well, I´ve been using a fake address anyway. But is a sad thing for everybody what´s happening.
  • house70
    If I had any financial info with Sony, I would still cancel my CC, just to be safe.
    It's bad enough they have the personal info, which for whatever "professional" reason was not encrypted.
    One more reason to trust Sony, now that I know they have a "very sophisticated security system". Because, everyone knows, a" very sophisticated security system" is sooooo much easier to setup instead of just encrypting the f#$%^ data!
  • "The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very useless security system that was breached in a malicious attack"

    fixed it for them
  • abswindows7
    Ghot is behind this for sure.
  • maestintaolius
    If only they put half the work into securing our personal data into what they spend putting DRM systems on games.
  • Sphex
    abswindows7Ghot is behind this for sure.GO GHOTI'm pretty sure that they would sue him again if it was him, and take back any settlement money if they did
  • kinggraves
    SphexI'm pretty sure that they would sue him again if it was him, and take back any settlement money if they did
    He didn't get "settlement money", he got the chance to not be sued by a major corporation, which is a good outcome in his situation. He also got an injunction, so if he were to be linked to this in any way, or further tampered with Sony products, he would either face SEVERE civil fines or even criminal charges. He got the chance to walk away, not doing so would be a horrible mistake.

  • well thats what happens when you got a big giant company that suck in security at least i will stick with microsoft for online and data protection hahaha looks like you loose sony