Wired - Reeling from a hack attack that exposed information on 77 million PlayStation Network users, Sony now says that the credit card numbers potentially stolen in the breach were encrypted.
“All of the data was protected, and access was restricted both physically and through the perimeter and security of the network,” Sony wrote in a blog post.
“The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”
Encrypting the credit card numbers might help Sony argue that it was in compliance with the official Payment Card Industry Data Security Standards, which mandates encryption for stored credit card data — something that could help Sony in the class actions lawsuits that have already begun. Read More
