Friday, April 29, 2011

PSN credit card data was encrypted, 'no evidence' it was taken

As day eight of the PlayStation Network outage nears day nine, Sony has posted a newQ&A regarding the data leak that accompanied the service disruption. Two days after itsaid that personal information was compromised, the PlayStation maker is trying to soothe customers' fears by saying that all credit card information submitted to the PSN was encoded.
"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network," the company said in a statement on the officialPlayStation Blog. "The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."
The company said that the reason it has warned customers that their credit card data may have been stolen was out of an "abundance of caution." The company also pointed out that users' credit card security codes--often called CVC or CSC numbers--were never stored on the PSN or Sony's Qriocity media service, which was also compromised in the attack. These three-digit codes are usually necessary to make an online transaction.
The day after Reuters reported that Sony was working with the Federal Bureau of Investigation's cybercrime unit, the game giant also confirmed it is cooperating with "law enforcement." The company did not mention the FBI or any other agency by name, but it did reiterate it is also working with a "recognized technology security firm" on the matter.
Finally, Sony somewhat tempered the prediction it offered on Tuesday, when it said that some PSN services would be back up within a week. "We want to be very clear that we will only restore operations when we are confident that the network is secure," the company said.

No comments:

Post a Comment

Blast away! I'm all ears. SPAM me and it gets erased. :)