Not quite out of the frying pan, but into the fire anyway: Sony just acknowledged another network breach related to the first one.
Wait, there's a second one? You bet! And this one involved Sony Online Entertainment, the company's online gaming division responsible for stuff like Everquest and DC Universe Online. Put it this way: SOE is officially dead in the water, as of 1:30am PT, Monday, May 2nd. This, after the company spent yesterday apologizing for the whole debacle.
It wasn't a second attack, so much as a second breach that occurred during the original attack between April 17th and 19th, when it's thought data thieves pilfered unencrypted personal info (but not credit card numbers) from upwards of 77 million members.
Ready for disaster number two? According to Japan's Nikkei news service, the second breach involved the theft of 12,700 credit card numbers.
Sony hasn't confirmed that yet, and in fact all they've issued is another laconic web note, writing to their "Dear Valued SOE Customers":
We have had to take the SOE service down temporarily. In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately. We will provide an update later today (Monday).
We apologize for any inconvenience and greatly appreciate your patience.
Could it get any worse for Sony? Sure, say those cards start showing up en masse in identify theft or usage fraud alerts. Let's hope they don't. Heck, let's hope Nikkei's wrong for that matter. I'm as tired of writing about this as Sony is deflecting questions and posting dry, unflattering PlayStation blog updates.
Fingers crossed we get better answers soon, and that they don't involve nearly 13,000 customer credit card numbers loose in the wild.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.