Privacy & Information Security Law Blog

On May 2, 2011, Sony Computer Entertainment America (“Sony”) disclosed that hackers had gained access to the personal information of 24.6 million customers who played games on the Sony Online Entertainment (“SOE”) network.  Sony stated that hackers may have accessed names, addresses and birth dates of SOE gaming customers, as well as credit card data of about 12,700 non-U.S. accounts and 10,700 bank account numbers from “an outdated database from 2007.”  Sony clarified that the SOE breach was not the result of a second attack, but rather occurred as part of the broad incursion against the company that affected 77 million PlayStation accounts, as the company previously disclosed on April 26.

The SOE network hosts games that are played over the Internet on personal computers and is separate from the PlayStation network, which connects PlayStations online.  The company detected the SOE intrusion on May 2 and temporarily took down the service as part of its continuing investigation.

This latest development is another setback for Sony, which shut down its PlayStation network on April 20 and whose executives apologized for the PlayStation breach and announced new security measures on May 1.  The company is working with the Federal Bureau of Investigation to determine who was behind the cyberattacks.  Sony is also responding to inquiries from members of Congress regarding the attacks, but has declined requests to testify before a Congressional subcommittee about the matter.