If the intruder successfully stole credit card data, the heist would rank among the biggest known thefts of financial data.
Sony Corp. said April 26 that the credit card data of PlayStation users around the world—including, presumably, thousands of college students—might have been stolen in a hack that forced it to shut down its PlayStation Network for the past week, disconnecting 77 million user accounts.
Some players brushed off the breach as a common hazard of operating in a connected world, and Sony said some services would be restored in a week.
But industry experts said the scale of the breach was staggering and could cost the company billions of dollars.
“Simply put, one of the worst breaches we’ve seen in several years,” said Josh Shaul, chief technology officer for Application Security Inc., a New York-based company that is one of the country’s largest database security software makers.
Sony said it has no direct evidence credit card information was taken, but said “we cannot rule out the possibility.”
It said the intrusion was “malicious” and that the company had hired an outside security firm to investigate. It has taken steps to rebuild its system to provide greater protection for personal information and warned users to contact credit agencies and set up fraud alerts.
“Our teams are working around the clock on this, and services will be restored as soon as possible,” Sony said in an April 26 blog post.
The company shut down the network April 20 after it said account information, including names, birthdates, eMail addresses, and log-in information, was compromised for certain players in the days prior.