Sony disclosed on Monday that the continuing investigation into the hack of the PlayStation Network had turned up new problems: its Sony Online Entertainment multiplayer game service was also hacked, and credit card data and bank information obtained.
Monday's news just adds insult to injury for the Japanese company: at a press conference on Sunday PlayStation chief Kaz Hirai disclosed that the credit card details of nearly 10 million PSN users may have been compromised, and today the company admitted that the "encryption" of the credit card data it claimed existed earlier was nothing more than a weak hash algorithm.
Customers affected in the SOE breach are outside of the US, Sony says. About 12,700 credit card numbers with expiration dates were disclosed from a breach of an outdated database, and the bank account numbers of about 10,700 users from Germany, Austria, Netherlands and Spain may have also been stolen.
"There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment," the company said in a statement sent to users. It is also an about face for Sony, who at first had believed SOE's systems were not hacked.
This latest disclosure only seems to suggest that the company may have a serious issue on its hands, and one that could lead to lawsuits by aggrieved customers worldwide. Sony's statements have been calculated from the beginning: seemingly written by the company's lawyers likely bracing themselves for a torrent of legal scrutiny.
So far, one lawsuit has been filed in federal courts by an Alabama man, accusing Sony of negligence in handling PSN users' data.