It’s bad enough Sony lost all of its customer’s encrypted and unencrypted information to some outside entity, but we would at least expect Sony to remember what information it actually had of ours. A couple days ago, Sony posted a Q&A on the PlayStation Blog so that people would stop asking all the same questions. The part in the Q&A about credit card data originally said that the credit card security codes (the three or four digit numbers on the back of cards) were not taken because Sony never asked for them. The problem is that Sony actually did ask for them.
The post has since been amended to say “While we do ask for CCV codes, we do not store them in our database.” At this point, it’s hard to not take anything Sony says about this situation with a grain of unencrypted salt. CCV codes are usually asked for by any site before making an online purchase, or paying a bill online. How Sony could have mistaken this crucial (and quite obvious) fact is very sad.
The Department of Homeland Security has also stepped in to aid Sony and law enforcement agencies both domestically and internationally in this matter. According to NextGov, the information obtained by the hackers can theoretically be used to access “corporate servers or open bank accounts.”
There are reports of identity theft affecting individuals who had a credit card tied to the PlayStation Network. Whether or not the timing is coincidental is debatable. Sony still insists that it has no evidence that suggests credit card information was stolen.