Sony on Monday reported that cyber assaults on its online videogame network were broader than first thought, with intruders getting away with credit and debit card data.
Hackers breached the Sony Online Entertainment (SOE) network as well as the PlayStation Network and the Qriocity streaming music service, according to the Japanese consumer electronics giant. "We had previously believed that Sony Online Entertainment customer data had not been obtained in the cyber-attacks on the company," it said in an online update. "But, on May 1 we concluded that SOE account information may have been stolen and we are notifying you as soon as possible."
Engineers and security consultants investigating the PlayStation Network breach discovered evidence that information was stolen from 24.6 million SOE accounts and from an outdated database containing people's financial data.
About 12,700 credit or debit card numbers, along with expiration dates, belonging to people outside the United States may have been stolen along with 10,700 direct debit records of customers in Austria, Germany, Netherlands, and Spain, according to Sony. "We will be notifying each of these customers promptly," it said.
The database was from 2007 and stolen information included bank account numbers and the names and addresses of customers, according to Sony. "There is no evidence that our main credit card database was compromised," SOE said in an update to users. "It is in a completely separate and secured environment."
SOE, based in the southern California city of San Diego, is a network for users to take part in massive multi-player games such as "EverQuest" or "Star Wars Galaxies" online using personal computers.
The SOE network was shut down after the data breach was discovered.
Sony originally thought that SOE was not violated during a cyber assault on its PlayStation Network and Qriocity online music-streaming service.
In an unusual Sunday press conference, Sony executives bowed in apology and said the company would begin restoring its PlayStation Network and Qriocity in the next week. "This criminal act against our network had a significant impact not only on our consumers, but our entire industry," Sony executive deputy president Kazuo Hirai said on Sunday. "These illegal attacks obviously highlight the widespread problem with cyber security. We take the security of our consumers' information very seriously and are committed to helping our consumers protect their personal data."
PlayStation Network and Qriocity streaming music service were turned off April 20 in the wake of an "external intrusion," according to Sony spokesman Patrick Seybold.
Sony believed that PlayStation Network, SOE, and Qriocity users' names, addresses, birthdates, passwords, and email addresses were swiped.
PlayStation Network connects PlayStation 3 (PS3) consoles to online games, films and more.
Players were still able to take part in games offline on consoles, but lost the ability to challenge others on the Internet, stream movies, or get other services.
PlayStation Network launched in November of 2006 and boasts about 77 million registered users worldwide.
Sony did not indicate whether it identified a culprit in the intrusion.
Sony warned users of the breached networks to be wary of solicitations or messages claiming to be from the company, since cyber crooks might try to dupe them into disclosing more valuable information.
Sony also said it was working on a plan to "make good" for the trouble the breach has caused users.