Stop the presses.
Sony has confirmed that the mastermind behind the recent "external intrusions" into the Playstation Network has likely obtained the identity, personal information,account security questions of every PSN user... and possibly your credit card details.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. - Corporate Communications Exec Patrick Seybold on the Playstation Blog
Sony has urged PSN customers to remain vigilant and to check their associated credit cards and bank accounts to monitor for suspicious transactions. At least they've shed some light on the situation, but this could be an absolute distaster for consumer confidence.
This attack is believed to have been facilitated by the Rebug custom firmware that hit the internet just before PSN was taken offline.
And now for the good news: Sony also believes that PSN will be up and running within the week. Here's hoping!
UPDATE: The Information Commissioner's Office has confirmed that it will formally investigate Sony's handling of the situation - with a view to taking action if their data security doesn't comply with UK law. More details below.
A spokesman for the ICO (not to be confused with Team Ico!) confirmed to EG that they will be investigating both the hacker responsible and whether Sony's security and handling of sensitive information was unlawfully negligent.
The Information Commissioner's Office takes data protection breaches extremely seriously.
Any business or organisation that is processing personal information in the UK must ensure they comply with the law, including the need to keep data secure.
We have recently been informed of an incident which appears to involve Sony. We are contacting Sony and will be making further enquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office.
We'll keep you posted with further updates.