An ongoing Sony Corp. investigation into the April database breach of Sony Online Entertainment (SOE) systems revealed hackers may have accessed the personal information of an additional 24.6 million customers, the company said in a statement May 3.
Sony began investigating the breach April 20, which occurred some time between April 17 and 19. After shutting down the PlayStation Network and Qriocity home entertainment services, the company initially discovered hackers had access to the names and addresses of 77 million users. Credit card details were stolen from approximately 2.2 million of the 77 million users, according to numerous reports.
The ongoing investigation revealed approximately 24.6 million additional SOE accounts may have been accessed, as well as information from an outdated database from 2007, which includes 12,700 non-US credit or debit card numbers and expiration dates, and 10,700 direct debit records of customers in Austria, Germany, the Netherlands and Spain.
According to Sony’s statement, names, addresses, email addresses, birth dates, gender, phone numbers, login names and hashed passwords were accessed during the breach.
In addition to the aforementioned customer information, the 10,700 direct debit records from accounts in Austria, Germany, the Netherlands and Spain included bank account numbers, customer names, account names and customer addresses.
SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down, the company said. Sony will also outline a “make good” plan for certain PlayStation 3 customers. Additional information on this plan will be released this week.
Sony said there is no evidence that its main credit card database, which is housed in a separate and secured environment, was compromised.
Sony did not respond to numerous interview requests.
