Skip to main content

Sony: Credit card data was encrypted

But no encryption for personal data, as Sony provides new update on security breach

Sony has claimed that credit card data stored on the PlayStation Network was encrypted and that there is still no evidence that credit card information has been stolen following last week's security breach of the online service.

Although on Tuesday Sony admitted that it could not rule out the possibility that credit card data had been taken, there is still no suggestion that the breach has been that serious.

The entire credit card table was encrypted and we have no evidence that credit card data was taken.


According to an update on the official PlayStation Blog, "All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken.

"The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

While Sony still cannot guarantee that credit card information, encrypted or otherwise, was not taken it continues to offer the same advice to customers: " If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

"Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system."

The protection of credit card data could be the first positive news for Sony during the ongoing scandal, but the admission that personal data was not encrypted could still prove damaging.

This data has already been confirmed as compromised and would be of significant use to criminals in terms of identity theft and as an aid to phishing scams.

Yesterday it was revealed that the Information Commissioner's Office in the UK is to quiz Sony over its online security arrangements.

Read this next

Related topics