Sony’s Patrick Seybold has posted an update on the official Playstation Blog revealing additional details about the hacking of the Playstation Network and the subsequent theft of user information. According to Seybold, Sony did in fact encrypt customers credit card numbers, something that many of the affected users had been most concerned with.
Although the credit card numbers were stored in an encrypted table and Sony has no evidence at this time that the data was even taken, Sony is still urging caution, stating that they cannot rule out the possibility.
The question of encryption was an important one, not only because it affects how vulnerable Playstation Network users are to identity theft and financial fraud, but also because it plays a big part in Sony’s liability in any future lawsuits. If it had been found in an investigation that Sony had not taken the proper precautions to protect user data then it could have been liable for damages that Forbes estimated could total in the range of $24 billion.
For a company who’s estimated cash on hand as of Q4 2010 was in the $6 billion dollar range, this could prove disastrous.
Sony is still going to be on the hotplate about the millions of user profiles that include names, addresses and passwords for their accounts. Sony says that “All of the data was protected, and access was restricted both physically and through the perimeter and security of the network.”
If any suits come to trial then Sony will still have the burden of proof when it comes to just how good that protection was. The revelation that they did encrypt credit card numbers properly will aid in limiting their liability but it won’t remove it entirely.