Sony Online Entertainment has provided specific details on what was initially thought by some to be a second breach of their security - turns out said breach actually stemmed from the initial attack on the PlayStation Network.
The issue was initially discovered by engineers and security consultants going over the first breach.
According to Sony's latest statement...
Personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.
Sony Online Entertainment claimed that they wanted to provide disclosure "as quickly as possible after the discovery of the theft" - a wise move considering the huge consumer backlash over Sony's initial handling of the PSN breach.
SOE also provided specific details of how much information had been leaked, and how many people the leak would affect.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:
- name - address - e-mail address - birthdate - gender - phone number - login name - hashed password.
In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:
- bank account number - customer name - account name - customer address.
SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a “make good” plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.
Additionally, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region.
The fact that the initial breach has encompassed so many different areas of Sony's business is alarming. Hopefully this will be the last of Sony's issues and they can continue attempting to rebuild the consumer trust that has been shattered by the constant stream of bad news.