The credit card data of PlayStation users around the world may have been stolen in a hack that forced it to shut down Sony’s PlayStation Network for the past week, disconnecting 77 million user accounts. Experts feel the scale of the breach is staggering and could cost Sony billions of dollars. The intrusion was malicious and Sony had hired an outside security firm to investigate. It has taken steps to rebuild its system to provide greater protection for personal information and warned users to contact credit agencies and set up fraud alerts. Sony shut down the network last Wednesday after it said account information, including names, birth dates, e-mail addresses and log-in information was compromised for certain players in the days prior. People in 59 nations use the PlayStation network. Of the 77 million user accounts, about 36 million are in the U.S. and elsewhere in the Americas, 32 million in Europe and 9 million in Asia, mostly in Japan. Sony has no direct evidence of credit card information taken, but said, cannot rule out the possibility.
Purchase history and credit card billing address information may also have been stolen, but the hackers did not obtain the three-digit security code on the back of cards, Sony has not received any reports yet of credit card fraud or abuse resulting from the breach. If the intruder successfully stole credit card data, the heist would rank among the biggest known thefts of financial data. The Ponemon Institute, a data-security research firm, estimated that the cost of a data breach involving a malicious or criminal act averaged $318 per compromised record in 2010, up 48 percent from the year earlier. That could pin the potential cost of the PlayStation breach at more than $24 billion.