Sony Corporation and Sony Computer Entertainment announced today that their ongoing investigation of illegal intrusions into Sony Online Entertainment (SOE) systems revealed that hackers may have stolen SOE customer information on April 16, 2011 and April 17, 2011. Unlike the first time, Sony says it is making this disclosure as quickly as possible after the discovery of the theft, on its website and via email to all consumers whose data may have been stolen.
Engineers and security consultants reviewing SOE systems found that personal information from approximately 24.6 million SOE accounts may have been stolen. The personal information that was illegally obtained, to the extent it had been provided to SOE, is as follows: name, address. email address, birthdate, gender, phone number, login name, and hashed password.
Furthermore, approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands, and Spain from an outdated database from 2007 were also taken. The debit records include: bank account number, customer name, account name, and customer address.
SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. Sony is also in the process of outlining a "make good" plan for its PlayStation 3 MMOs (DC Universe Online and Free Realms) produced by SOE, which is based in San Diego, California.
Sony last week announced that its PlayStation Network (PSN) had been comprised, later admitted that some user data was unencrypted, and even faces a class action lawsuit. The outage of Sony's PSN and Qriocity services and the ongoing investigation into the recent attacks prompted SOE to take a closer look into its own system. Upon discovery of this second attack, Sony promptly shut down all servers related to SOE services. Sony says it is working with the FBI and continuing its own full investigation while working to restore all services.