"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network," the company said in a statement on the officialPlayStation Blog. "The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."
The company said that the reason it has warned customers that their credit card data may have been stolen was out of an "abundance of caution." The company also pointed out that users' credit card security codes--often called CVC or CSC numbers--were never stored on the PSN or Sony's Qriocity media service, which was also compromised in the attack. These three-digit codes are usually necessary to make an online transaction.