Sony PlayStation Credit Card Information Is Encrypted

Company says it has no evidence information has been stolen but that it cannot "rule out the possibility."

Following the revelation on Monday that an unauthorized person has hacked into users’ accounts on Sony’s PlayStation Network, the possibility remains that credit card information was comprised.

“While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” Sony explains on its latest PlayStation Network blog post. “If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.”

During Sony’s Consumer Electronics Show press conference in January, Howard Stringer reported that the Playstation Network had more than 60 million registered accounts.

Sony believes information that may have been obtained in this security breach includes the following account holders information: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. According to Sony, it is also possible that this includes profile data, including purchase history and billing address (city, state, zip), and password security answers.

Sony is working with law enforcement and a technology security firm. Meanwhile, the company is urging customers to be on guard against possible identity theft.

PlayStation Network and Qriocity online services have been down since April 20. On Monday, the company admitted that user account information had been compromised.

Sony expects to have some services up and running by May 3, but in a blog post that “we will only restore operations when we are confident that the network is secure.”