Sony has released an official email detailing the attack and what has possibly gone wrong. For all those without the Playstation here it is. (The interesting part is bold)
Gamepro has more details on how the information was stored and that can be accessed by clicking here. According to the blog post the credit card info was encrypted.
Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:
1) Temporarily turned off PlayStation Network and Qriocity services;
2) Engaged an outside, recognized security firm to conduct a
full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly
and efficiently as practicable.
Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state/province,
zip or postal code), country, email address, birthdate, PlayStation
Network/Qriocity password, login, password security answers, and handle/PSN
online ID. It is also possible that your profile data may have been obtained,
including purchase history and billing address (city, state/province, zip
or postal code). If you have authorized a sub-account for your dependent,
the same data with respect to your dependent may have been obtained.
While there is no evidence that credit card data was taken at this time,
we cannot rule out the possibility. If you have provided your credit card
data through PlayStation Network or Qriocity, out of an abundance of caution
we are advising that your credit card number (excluding security code) and
expiration date may also have been obtained.
For your security, we encourage you to be especially aware of email,
telephone, and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security, tax identification
or similar number or other personally identifiable information. If you
are asked for this information, you can be confident Sony is not the
entity asking. When the PlayStation Network and Qriocity services are
fully restored, we strongly recommend that you log on and change your
password. Additionally, if you use your PlayStation Network or Qriocity
user name or password for other unrelated services or accounts, we
strongly recommend that you change them as well.
To protect against possible identity theft or other financial loss,
we encourage you to remain vigilant, to review your account statements
and to monitor your credit or similar types of reports.
We thank you for your patience as we complete our investigation of
this incident, and we regret any inconvenience. Our teams are working
around the clock on this, and services will be restored as soon as
possible. Sony takes information protection very seriously and will
continue to work to ensure that additional measures are taken to
protect personally identifiable information. Providing quality and
secure entertainment services to our customers is our utmost priority.
Please contact us at 1-800-345-7669 should you have any additional questions.
Sincerely,
Sony Computer Entertainment and Sony Network Entertainment