Sony says hacked PlayStation Network credit card data was encrypted

Sony said yesterday that all credit card information on its hacked PlayStation Network was protected with encryption. As the outage for the online game service for the PlayStation 3 entered its eighth day, the company sought to reassure angry users.

Users were angry that Sony took six days to inform them that their personal data had been stolen, but the exact nature of the credit card theft isn’t precisely known. I was among those 77 million PSN and Qriocity users who had my personal data stolen, and I received an apologetic email from Sony yesterday. The company clearly has a long way to go to earn back the trust of gamers, and it seems to be aware that communicating clearly and quickly has to be its priority right now.

Patrick Seybold, spokesman for Sony, said in an updated statement that the “entire credit card table was encrypted and we have no evidence that credit card data was taken.” The personal data, such as names and emails, was not encrypted. Sony said it cannot rule out the possibility that credit card information was taken. If it was, then the card number and date of issuance was likely taken, but not the credit card security number on the back of a card.

“First off, we want to again thank you for your patience,” Seybold said. “We know that the PlayStation Network and Qriocity outage has been frustrating for you. We know you are upset, and so we are taking steps to make our services safer and more secure than ever before. We sincerely regret any inconvenience or concern this outage has caused, and rest assured that we’re going to get the services back online as quickly as we can.”

Sony has hired a “recognized technology security firm” to conduct a full investigation of the “malicious attack” against the PSN. Sony said it won’t ask anyone for their credit card, social security or other personally identifiable information. Sony suggests users that users log on and change the password once the PSN service comes back, presumably within a week. Consumers can visit Sony’s support site for more notices.

Sony says it is adding several measures to improve the security of the PSN once it comes back online, including moving the company’s network infrastructure and data center to a new, more secure location.