After top executives bowed in a traditional Japanese apology at a weekend press conference in Tokyo, Sony has been plunged into further disarray, admitting that a second hack, older than the one revealed last week has been discovered, involving the theft of almost 25 million sets of personal details.
This second breach, of its Sony Online Entertainment PC games network, became apparent after a review of the PlayStation Network intrusion. Sony said it had occurred a day earlier than the PlayStation break-in between 17 and 19 April.
The names, addresses, emails, birth dates, phone numbers and other information for 24.6m PC games customers were stolen from its servers. It also admitted that a 2007 database – now outdated – of customers outside the US may have been stolen, this one including the direct debit information of 10,700 customers in Austria, Germany, the Netherlands and Spain.
The information includes credit card numbers, debit card numbers and expiration dates, but not the crucial three-digit security code on the back of credit cards.
The second attack heaps further misery on the beleaguered company, in a highly competitive industry, where customer loyalty and confidence is crucial. If customers abandon the console in favour of its rivals, game developers will follow.
But it has won praise for its response to the second attack, which has been swifter and better managed. "It has acted extremely quickly and seems to be following the four golden rules in crisis PR – to be open, honest, transparent and fast," said Richard Spreckley, an adviser on crisis management.
Sony, which has shut the online entertainment service in response, said its Playstation Network services, which it suspended last Tuesday, would be available again "this week". Users will be offered 30 days' free subscription, plus one day's free use for every day the service is down, by way of compensation.