New information turned up during Sony's internal investigation into the malicious hacking which prompted the shutdown of PlayStation Network and Qriocity services - affecting nearly 77 million registered members worldwide - suggests that around 24 million Sony Online Entertainment (SOE) accounts could also have been compromised.
In addition, over 10,000 credit cards stored in an "outdated database" might now be on the hard drives of hackers according to the company.
In an announcement today, SOE (which handles online titles such as "Free Realms" and "DC Universe Online") revealed the breadth of information potentially compromised: name, address, e-mail address, birthdate, gender, phone number, login name and hashed password.
The breach also leaked direct debit records from account holders in several countries, including Spain, Austria, Germany, and The Netherlands. Customers' bank account numbers, names, account names and addresses were boosted during the April 16th-17th cyber attack.
Hoping to avoid the narrowed eyes of critics this time, Sony admitted the information was only discovered about a day ago by security experts. The company elicited outrage when it failed to mention possible customer security issues resulting from the "external intrusion" into the PSN until nearly a week after it was shut down.
On Sunday, three of the corporation's top executives appeared at a press conference in Tokyo to address questions surrounding the cyber break-in.
Executive Vice President Kazuo Hirai, Chief Information Officer Shinji Hasejima and Senior Vice President of Corporate Communications Shiro Kambe attempted to mollify the situation - bowing deeply numerous times over the nearly two-hour event as a show of humility and regret.
Following in the footsteps of the company's recently outlined "Welcome Back" program, SOE promised 30 days of free service for current subscribers and "one day for each day the system is down." The company also said it's discussing how to best cover costs associated with identity theft protection if customers opt for it. Specifics have not been released beyond that it would be handled "at a local level."
The full press release can be found here.
