Sony Says PSN Credit Cards Encrypted, Not Personal Data

  • Share
  • Read Later

How did they know? What did they know? When did they know? You won’t get satisfactory answers to those questions, but you may gain insight into others with a new question and answer blog series about the PlayStation Network fiasco, launched last night by Sony spokesperson Patrick Seybold.

While Sony has yet to apologize to customers–that apology may be coming once the network’s back, or it may just be that Sony’s been advised to lawyer up–the company does seem to be taking its customers more seriously with these suddenly lengthier, less evasive missives.

(More on First PlayStation Network Class Action Lawsuit Filed)

In the Q&A, Seybold says that all PlayStation Network personal data–including the data compromised in the breach–was “protected,” and that “access was restricted both physically and through the perimeter and security of the network.” But while all credit card data was encrypted (and Sony maintains it has “no evidence that credit card data was taken”), the personal data table was a “separate data set” and “was not encrypted.”

While the company won’t rule out the possibility that intruder(s) snatched credit card data, Seybold notes that the CVC or CSC number (your card’s three or four digit security code) could not have been taken because neither the PSN nor Qriocity services asked for it (and thus never stored it).

If you haven’t yet received an email from Sony about the matter, the company says it’s been working to process “all 77 million registered accounts,” and that all registered accounts should receive the email notice by today, April 28th (for the record, I have yet to receive anything from Sony in either a customer or media-related capacity).

(More on Analyst: PlayStation Network Fiasco Will Be Costly, Change Industry Forever)

Another interesting wrinkle: In addition to rebuilding their PSN and Qriocity server farms, Sony says it’s “moving [its] network infrastructure and data center to a new, more secure location.” That helps explain the time delay a bit–there’s a physical rebuilding process underway that parallels the virtual one.

And it sounds like the perps will be tracked to the ends of the earth: The company says it’s working to find whoever’s responsible for the “criminal” breach “no matter where in the world they might be located.”

When will service be restored? Sadly not by this weekend. Sony says it “[expects] to have some services up and running within a week from yesterday,” which means we should see at least partly resuscitated PSN and Qriocity services by next Wednesday, May 4th.