Sony reports 25mn more ID thefts
Tue, 03 May 2011 06:35:45 GMT
Japan's electronics giant Sony says hackers have stolen personal information from an additional 24.6 million user accounts in its databases.
The data breach comes on top of the 77 million PlayStation Network accounts that were stolen from Sony last month, the Associated Press reported Monday.
Engineers and security consultants investigating the “malicious intrusion” of Sony's online network say the latest incident occurred on April 16 and 17, earlier than the major PlayStation break-in that occurred between April 17 and 19.
The breach mainly affected US account holders. However, Sony said the newly-discovered breach also involved financial records of about 23,400 users outside the United States.
Among the stolen information are some10,700 direct debit records of customers in Austria, Germany, the Netherlands, and Spain.
"We will be notifying each of these customers promptly," the Japanese corporation promised.
Sony believes the intruders had gained access to private data, including credit card numbers, expiration dates and customer addresses.
But it reassured its customers that chances were slim that the 3-digit security codes, appearing on the back of credit cards were accessed.
Company spokeswoman Taina Rodriguez, meanwhile, said Sony had no evidence the information taken from Sony Online Entertainment -- based in the Southern California city of San Diego -- was used illicitly for financial gain.
The declaration comes a day after PlayStation spokesman Patrick Seybold denied reports suggesting that a group had tried to sell millions of credit card numbers back to Sony in exchange for 100,000 dollars.
On Sunday, Sony executives extended an apology to millions of their online gamers and vowed to offer “welcome back” freebies such as complimentary downloads and 30 days of free service to their customers around the world.
They also promised to overhaul the company's security systems.
Sony is now working with the FBI and other authorities to investigate what it called ''a criminal cyber attack.''