Sony released another batch of answers to some of the questions PSN users have been asking. They addressed the matter of law enforcement, data encryption, and what Sony plans to do to protect your data in the future.
Q: Is Sony working with law enforcement?
A: Yes, they are working with both law enforcement and a recognized technology security firm to conduct an investigation. "This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible."
Q: Was personal data encrypted?
A: All of the data stored in the PSN was protected "physically" and within a security network. The credit card table was encrypted and Sony sees no evidence that credit card data was taken. However, the personal data, which includes your name, email address, billing address among others, was not encrypted.
Q: Was credit card information taken?
A: Again, Sony has no evidence credit card data was taken but they "cannot rule out the possibility." "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained." The security code, sometime referred to as the CVC or CSC, was not accessible because Sony never stored it.
Q: What steps can you take to protect your data?
A: Sony wants you to be aware of any phone calls, emails or postal mail requests for personal or sensitive information. Sony will not contact you in any way asking for information. Once the PSN is restored they encourage you to change your password.
Q: What steps are Sony taking for the future to protect data?
A: The first step to protect data was to disable the PSN. The second is "enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. "
Q: How do gamers know which credit card was attached to their PSN account?
A: Once you added funds to your PSN wallet, you should have received an email from "DoNotReply@ac.playstation.net" to the email address associated with your account. This email will contain the last 4 digits of the credit card used to make the purchase.
Sony also addressed the issue of letting PSN users know. They are currently "sending emails directly to all 77 million registered accounts." The majority of emails have been sent at the time they posted this blog. G4's official PSN account didn't receive an email until 5:45 PM today. I have not received notifications in regards to my personal PSN accounts yet.
Two questions: Have you been notified? What questions do you still have?
To read all of the questions they answered check the PlayStation Blog.
Tips, suggestions? Find me on Twitter.