Skip to main content
If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Sony: Credit card data was encrypted

But no encryption for personal data, as Sony provides new update on security breach

News by David Jenkins Contributor
Published on
29 comments

Sony has claimed that credit card data stored on the PlayStation Network was encrypted and that there is still no evidence that credit card information has been stolen following last week's security breach of the online service.

Although on Tuesday Sony admitted that it could not rule out the possibility that credit card data had been taken, there is still no suggestion that the breach has been that serious.

The entire credit card table was encrypted and we have no evidence that credit card data was taken.

Sony

According to an update on the official PlayStation Blog, "All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken.

"The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

While Sony still cannot guarantee that credit card information, encrypted or otherwise, was not taken it continues to offer the same advice to customers: " If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

"Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system."

The protection of credit card data could be the first positive news for Sony during the ongoing scandal, but the admission that personal data was not encrypted could still prove damaging.

This data has already been confirmed as compromised and would be of significant use to criminals in terms of identity theft and as an aid to phishing scams.

Yesterday it was revealed that the Information Commissioner's Office in the UK is to quiz Sony over its online security arrangements.

Related topics
Publishing Sony Computer Entertainment
Author

David Jenkins

Contributor

Comments