Credit Cards Blog

Finance Blogs » Credit Cards » Sony faces second data breach

Sony faces second data breach

By Marcie Geffner · Bankrate.com
Tuesday, May 3, 2011
Posted: 2 pm ET

Computer hackers have broken into another Sony online game service, and more sensitive consumer information, including credit card, debit and bank account numbers, may have been stolen.

Personal information from 24.6 million Sony Online Entertainment, or SOE, accounts may have been taken along with data from a 2007 database, Sony said in a statement Tuesday.

The personal information from the 24.6 million accounts included customer names, the city, state, ZIP code and country portions of mailing addresses, email addresses, birthdates, gender, phone numbers and login names and passwords. The passwords were protected by a type of security called a "hash" algorithm.

The 2007 database, which Sony described as "outdated," included 12,700 non-U.S. credit or debit card numbers and expiration dates and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain, according to the company. The direct debit records included customer names, the city, state, ZIP code and country portions of mailing addresses, account names and bank account numbers.

The company hasn't said whether the financial data was encrypted, hashed or in clear text format.

SOE offers multiplayer online games that can be played on a wide range of platforms and devices, including the PlayStation 3, personal computers, and mobile and social networks. Game titles include "EverQuest," "EverQuest II," "Champions of Norrath," "PlanetSide," "Free Realms," "Clone Wars Adventures" and "DC Universe Online."

The newly discovered intrusion apparently occurred April 16-17, around the same time as the previously revealed unauthorized access into the Sony PlayStation Network and Qriocity services. All of these services have been shut down while Sony reviews and upgrades its online security systems.

Customers have been advised to be alert to any email, telephone and postal solicitations that request personal or sensitive information and to logon to the SOE system and change their password as soon as the service is restored. Changing identical user names and passwords used elsewhere is also advised.

Sony has apologized for the inconvenience and said it is working with the FBI to investigate these cybercrimes.

Follow me on Twitter: @marciegeff

«
»
Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
5 Comments
ngan
May 04, 2011 at 10:01 am

"Sony has apologized for the inconvenience..."

that's it? that's all we're getting from Sony? no other punishment?

well, isn't that nice for them and for all their customers.