The April 2024 issue of IEEE Spectrum is here!

Close bar

Sony Finds Another 25 Million Customer Accounts Likely Taken

This time from Sony Online Entertainment servers

2 min read

Sony Finds Another 25 Million Customer Accounts Likely Taken

The Sony data breach story just keeps getting worse and worse. News reports yesterday stated that Sony had discovered in its continuing investigation into the Playstation Network breach that apparently the hackers had also been able to initially penetrate Sony’s Online Entertainment (SOE)  servers and possibly stolen information from some 24.6 million customer accounts, bringing the total number of compromised accounts to over 100 million.

The Sony press release on the latest (or currently first known breach) also said that:

“…information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly.”

Sony went on to say that:

“We apologize for the inconvenience caused by the attack and as a result, we have:

1) Temporarily turned off all SOE game services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.”

Sony has declined to appear today before the US House Subcommittee on Commerce, Manufacturing, and Trade to discuss the data breach(es), but said it would be responding to the questions (PDF) sent to it by the subcommittee last week. Sony said that it was too busy with its ongoing investigation to appear.

Epsilon, which had a major data breach of its own recently, also declined to testify, although it has reportedly already answered subcommittee questions about its breach. There was no reason given as to why Epsilon declined to appear. My guess is that it didn’t want to be the only piñata in the room. 

The Conversation (0)