Sony have released the first batch of Q&A concerning the recent attack on the PlayStation Network, which has been shut down for a week, with word that personal information and credit card data may be vulnerable to theft. Sony assures users that there is no evidence of credit card data being taken, adding that even if they were, all credit card information is encrypted.
"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken."
However, while Sony assures users that there is no evidence to support any credit card data theft, Sony says that "[they] cannot rule out the possibility," and will maintain an extremely cautious approach towards to the issue.
"If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
"Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.
However, Sony notes that personal data - name, address, etc, was not encrypted: "The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."
Sony also emphasized that they are "currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation."
"This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.
You can take a look at the whole Q&A over at the PlayStation Blog.