Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.
I hope I'm not reading too much into this, but it seems to imply the personal data tables were more protected than the credit card numbers. Could it be that PCI regulations are actually that much less strict than the rules concerning how you store the PII of children? Was that the fundamental problem here--that PCI regulations actually don't have stiff enough penalties to serve as a sufficient deterrence against corporate jackassery?
Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.
Either way, with 24 hours to go, I really don't think Sony's going to be able to explain their way out of this one.
This is just silliness. Anyone who has made a purchase through PSN has forked over the CVV from the back of their credit card, or the transaction wouldn't have cleared. Whether or not they were actually storing it ("to facilitate greater ease of purchasing") when they're explicitly forbidden from doing so I suppose to comes down to whether or not one believes in their veracity.
Being that a) Sony is a corporation which has neither a soul nor morals that can and will lie/cheat/steal so long as the quarterly statements have larger numbers and b) they're already lying to us in that very same paragraph... I ain't buyin' it.
More evasiveness about the PSN breach from Sony