In addition, the breach may have compromised credit card information from around 12,700 people outside the U.S. -- including Austria, Germany, the Netherlands and Spain -- and nearly 10,700 direct debit records from an "outdated database from 2007."
"We had previously believed that SOE customer data had not been obtained in the cyberattacks on the company," said Taina Rodriguez, another Sony spokeswoman. "But on May 1 we concluded that SOE account information may have been stolen."
The incident occurred on April 16 and 17 -- a week before 77 million PlayStation accounts were hacked from April 17 to 19 -- prompting Sony to shut down its services.
"We temporarily took down SOE's services as part of our continued investigation into the external intrusion that occurred in April," said Michele Sturdivant, a Sony spokeswoman. "This is not a second attack."
Congress is scrutinizing Sony on its handling of customer information, which could set sweeping new changes over how companies store and protect user information. Lawmakers are also grilling Apple and Google over how their mobile devices track, store and sometimes send user data.
Last week, U.S. Senator Richard Blumenthal, (D., Conn.) asked Sony President Jack Tretton to explain Sony's six-day delay before notifying PlayStation customers. The company agreed to provide written answers to questions, but declined to testify before a congressional committee.
On Sunday, Sony executives apologized to customers and said it would beef up security. It also said it would give customers 30 days of extra time on their subscriptions, in addition to one day for each day the system is down.
Sony's SOE network, which includes "EverQuest" and "DC Universe Online," and PlayStation service are still down as the company works with the Federal Bureau of Investigation to investigate the attacks.
No comments:
Post a Comment