In response to the break-in, Sony flipped the switch on its PSN and Qriocity services and hired an external security firm to perform a complete investigation. At this time, it's believed that the attacker obtained access to your name, address, country, email address, birthdate, PSN/Qriocity name and password, as well as your handle/PSN online ID. It's also possible that your password security answers were obtained along with any sub-account information.
Sony says there's no evidence that users' credit card data was taken, but it can't rule out the possibility. If such information was snagged, it would "only" be your credit card number and expiration date, but not your security code. As such, the company recommends that you keep track of your financial statements and credit reports, noting that US residents are entitled by law to one free credit report per year from each of the three major credit bureaus:
- Experian: 888-397-3742; P.O. Box 9532, Allen, TX 75013
- Equifax: 800-525-6285; P.O. Box 740241, Atlanta, GA 30374-0241
- TransUnion: 800-680-7289; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
"At no charge, U.S. residents can have these credit bureaus place a 'fraud alert' on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity."
With your name, contact information and login credentials in the hands of a criminal party, it would be wise to change your passwords to other online services. Additionally, the company suggests that its users should be extra cautious about email, telephone and postal scams that request sensitive information. Sony itself will never contact you in any way to request "personally identifiable" information such as your credit card or social security number.
If you have further concerns about identity theft, Sony's blog post contains contact information for the FTC and your state's Attorney General. As for PSN's recovery, Sony says the service will remain offline until its investigation is complete and it implements the proper security measures to prevent this from reoccurring. At the time of writing, the company estimates that "some services" will be back online within a week -- surely longer than you wanted to hear.