Sony Online Entertainment has followed up the news broken over the weekend that SOE servers have been taken down due to an external attack. Some 2007 European credit card details have been stolen. Here's the bad news for Europeans regarding stolen details:
- 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes).
- 10,700 direct debit records listing bank account numbers.
An official information release states that, "Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems.
"We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password."
But things get worse outside the USA where, SOE says:
"...we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly."
It then states:
"There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment."
In terms of the USA where banking laws differ from Eurpoe, SOE has "also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a 'fraud alert' on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name.
Source and full statement:
Sony