Sony admits huge data leak after PlayStation Network and Qriocity attacks

70 million users may have had personal and financial information stolen

Sony has admitted that it has lost large amounts of customer data, including possibly financial information, after suffering a major hacking attack on its PlayStation Network and Qriocity service.

The PlayStation Network has been down for nearly a week, after suffering what was believed to be a denial-of-service attack.

However, Sony said in a statement to customers that it had taken the site down after a hacking attack carried out between 17 and 19 April.

The company acknowledged that all 70 million users may have had their name, address, country, email address, birth date, PlayStation Network/Qriocity passwords and log-ins, and handle/PSN online ID stolen.

However, Sony also warned of more damaging data going missing. "While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility," the company said in a PSN/Qriosity Service Update.

"If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising that your credit card number (excluding security code) and expiration date may also have been obtained."

Sony has engaged an external security company to assess the extent of the intrusion and is bolstering network security to deal with the security issues behind the attack. The firm also warned customers to be on their guard against spam and phishing attacks.

"Consumers can expect a greater volume of targeted attack attempts via email as the recent breaches such as Epsilon and the Sony Playstation Network hack provide criminals with more personal information - including email addresses and product/services preferences, as well as more sensitive data such as social security numbers, addresses and even financial information," Phil Hochmuth, programme manager of IDC's security products service, told V3.co.uk.