Sony encrypted credit card numbers but not the other personal information for 77 million of its PlayStation customers whose data was stolen, according to Sony's daily update about the PlayStation Network hack.
The plaintext data includes name, address, email address, birth date, PlayStation Network/Qriocity password and login, and PSN online ID, Sony says.
Sony doesn't know whether credit card numbers were stolen, but they might have been.
"The entire credit card table was encrypted and we have no evidence that credit card data was taken," the blog says.
THE DELAY: Notification lag may be linked to criminal investigation
As it rebuilds its network so it can fully restore PlayStation Network services, the company says it is moving its data center to a new location that is more secure. Sony says it will release more information about these upgrades shortly.
And the company is working with law enforcement and a private security firm to track down and punish the people responsible. "We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located," according to the blog, written by Patrick Seybold, the senior director of corporate communications and social media for the company.
"This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible."
Sony doesn't post a definite date for when PlayStation Network will be back up fully, promising only that parts of it will go live within a week. "However, we want to be very clear that we will only restore operations when we are confident that the network is secure," Seybold writes.
The company says it's in the process of sending email notices (See: "The Sony Playstation breach notification letter that broke 77 million hearts") to each customer about the breach, and that task, started yesterday, should be completed by the end of today. "It takes a bit of time to send that many emails," the blog notes.
Sony is promising to rebuild its PlayStation Network, and when it finally comes back online the company will require all its users to change their passwords.
Read more about wide area network in Network World's Wide Area Network section.