Breach, Compliance Management, Data Security, Privacy, Vulnerability Management

Sony says PlayStation breach extended to other systems

Investigation into the breach of Sony's PlayStation Network and Qriocity services has turned up further compromise, the company disclosed Monday.

Sony said it temporarily has disconnected its online gaming portal, known as Sony Online Entertainment (SOE), after discovering that the personal information connected to an unknown number of users' accounts may have been stolen. The data includes names, street addresses, email addresses, genders, birth dates, telephone numbers, login names and hashed passwords.

In addition, the hackers likely got their hands on 23,400 credit and debit card numbers belonging to SOE customers in Germany, Austria, the Netherlands and Spain.

The company said it originally didn't think this segment of the corporate network was impacted, but that view changed over the weekend. The SOE division creates and publishes massively multiplayer online role-playing games, or MMORPGs, such as the "EverQuest" series.

On Saturday, in a press conference held in Tokyo, Sony executives publicly apologized for the PlayStation/Qriocity breach, in which the personal information belonging to 77 million gamers was illegally accessed. They laid out security steps the company plans to take, and also admitted that up to 10 million credit card numbers may have been exposed.

However, the company remains steadfast that there is no proof any card data belonging to gamers actually was stolen. In a blog post Monday, spokesman Patrick Seybold also shot down reports that a hacker group tried to sell 2.2 million pilfered card numbers back to Sony.

"One report indicated that a group tried to sell millions of credit card numbers back to Sony," he wrote. "To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list."

On Saturday, executives described additional steps they plan to take, including deploying software monitoring and configuration management tools, increasing encryption and intrusion detection capabilities and adding new firewalls.

Sony also plans to hire its first-ever chief information security officer, who will report to Shinji Hasejima, the company's CIO.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.