Well isn’t this a massive mess. Sony’s Playstation network has been hit by a major attack and, if you’re registered with it – as 77 million people are – your personal details may now be in the hands of…who knows?

It’s been a week since PSN was shut down, and in that time, Sony has apparently been working to find out exactly what happened. In that time it’s gone from a mild inconvenience about not being able to access online games to a potential security nightmare for PSN and its customers.

The company has defended the length of time it took to notify customers of what had happened. This was posted on the Playstation blog yesterday:

“There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.”

What’s more disturbing is that we don’t know yet exactly what information has been stolen – email addresses? User names? Credit card details? The only advice Sony seems to have is to keep an eye on your credit card statements for suspicious activity.

From Sony’s FAQ on the outage:

“Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information provided by PlayStation Network/Qriocity account holders: name, address (city, state, zip), country, email address, birth date, PlayStation Network/Qriocity password, login, and handle/PSN online ID. Other profile data may also have been obtained, including purchase history and billing address (city, state, zip)….If an account holder provided credit card data through PlayStation Network or Qriocity, it is possible that the credit card number (excluding security code) and expiration date may also have been obtained.”

I’m a little annoyed that at best, some personal profile info and at worst, my credit card details, have been swiped. Sure, that is the risk you take when you hand over your details to a third party, but you expect better from large companies.

But Sony isn’t the only one who has been hit by such attacks. The news archives are littered with stories of data breaches, from email marketers to retailers. At best, it’s a heap of spam choking your inbox; at worst, it’s identity theft and financial fraud.

And then there are stories like this one, where companies are breaching data protection law for who knows what reasons.