On April 26, 2011, Sony admitted that user account information had been compromised on its PlayStation and Qriocity online services. Included in the data loss direct debit records of certain customers in Austria, Germany, Netherlands and Spain. Sony believes the information that may have been taken from the direct debit records includes bank account number, customer name, account name and customer address.
Then on May 20, 2011, F-Secure Security Lab first discovered that a phishing site was hiding on the Sony Thailand homepage and stored on a Sony server. It seems the malicious site was posing as an Italian credit card company CartaSi to try to collect personal data from unsuspecting users.
On the same day, another attack on So-Net, the Internet provider of Sony Japan, “alerted customers that an intruder broke into its system and stole virtual points from account holders worth $1,225.”
If you haven’t done so already, change your password.