Sony Corporation continues their public relations damage control efforts after announcing last week that the PlayStation Network was the subject of a breach that compromised the accounts of more than 70 million PSN customers.
After several days of investigation, Sony initially indicated that the intruders may have accessed private customer information including login credentials, billing information, and credit card details.
Further investigation of the intrusion has lead Sony to believe that there was in fact no breach of customer credit card data.
"The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack," Sony officials said in a statement released April 27 on the PlayStation blog.
The statements issued by Sony conflict with an article in Help Net Security that notes that several independent security researchers have uncovered claims on underground forums made by the alleged PSN hackers that they are in possession of more than two million credit card numbers pilfered in the PSN breach.
“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” said security consultant Mathew Solnik for The New York Times.
Researchers also report evidence that the alleged hackers are making efforts to attempt to sell the stolen credit card data back to Sony for $100,000, and that Sony did not respond to the hackers' attempts to ransom the stolen data.
Sony announced over the weekend that they will begin a phased restoration of the PSN services as soon as possible, and that the company has already implemented several new security protocols to better ensure customer data.
"Working closely with several outside security firms, the company has implemented significant security measures to further detect unauthorized activity and provide consumers with greater protection of their personal information."
"The company is also creating the position of Chief Information Security Officer, directly reporting to Shinji Hasejima, Chief Information Officer of Sony Corporation, to add a new position of expertise in and accountability for customer data protection and supplement existing information security personnel."