Sony admits to second data breach affecting 24.6 million customers

The SOE breach is in addition to the hack of over 75 million PlayStation Network user accounts last month.

In the lastest revelation, Sony said that the names, street and email addresses, birthdates, phone numbers, login names and passwords of 24.6 million SOE customers may have been stolen. The company said that it had previously thought that SOE customers were not affected by the data breach last month, but concluded on May 1 that SOE account information had been affected.

In addition, Sony had the following revelation for non-US customers about the breach of a 2007 database: “The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.”

Sony stressed that there is “no evidence” that the main credit card database was compromised.

Sony is still dealing with the aftermath of PlayStation breach. Last week, a House panel sent a letter to the company demanding answers about the breach.

“Sony’s public statements suggest there is no evidence credit card data was taken, but such a scenario cannot be ruled out. Given the amount and nature of personal information known to have been taken, the potential harm that could be caused if credit card information was also taken would be quite significant”, the letter read.

The letter requires Sony to provide answers to a series of questions about the PlayStation data breach and Sony’s data security policies in general. The letter was sent by the chairman and ranking member of the House Energy and Commerce Committee’s subcommittee on commerce, manufacturing, and trade, which plans to hold a hearing on consumer data theft on May 4. The hearing will not include Sony representatives, who declined to participate.

In addition, the Department of Homeland Security, state attorneys general, and the European Union are investing the PlayStation data breach as well. A spree of lawsuits around the globe could be in the works, Reuters reports.

What’s hot on Infosecurity Magazine?