Sony details PlayStation attack as legal case starts

Credit card data was encrypted, company says

Sony has provided more details of the data breach which affected its 77 million customers worldwide.

The company has confirmed that all credit card data on its systems was stored in encrypted form, which should limit its usefulness for financial fraud.

However, other user data, such as passwords and address details, was stored in plain text, and will be open to use by phishers and spammers.

"For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information," Sony said in a blog post.

"Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking."

Law enforcement and "a recognised technology security firm" are examining the company's servers to gather evidence and assess the extent of the damage from the hacking attack.

Sony said that the network will be up and running again as soon as it is secure and that investigations had finished.

A legal case has already been filed against the company by Rothken Law Firm, which is bringing a class action suit on behalf of all 77 million customers.

"We brought this lawsuit on behalf of consumers to learn the full extent of Sony PlayStation Network data security practices and the data loss, and to seek a remedy for consumers," said Ira P. Rothken, who filed the complaint.

"We are hopeful that Sony will take this opportunity to learn from the network vulnerabilities, provide a remedy to consumers who entrusted their sensitive data to Sony, and lead the way in data security best practices."