Today's daily update on the PlayStation Network situation brings word that Sony is working with an unspecified law enforcement agency and a "recognized technology security firm to conduct a complete investigation." The attack on PSN is being described as "malicious" and a "criminal act," so in response Sony is "proceeding aggressively to find those responsible."
In response to the outcry, Sony's Patrick Seybold wrote on the PlayStation Blog, "We are taking steps to make our services safer and more secure than ever before. We sincerely regret any inconvenience or concern this outage has caused, and rest assured that we're going to get the services back online as quickly as we can."
A week from yesterday, April 26, is still the target for getting "some services" back up but that's no guarantee -- an FAQ says "we want to be very clear that we will only restore operations when we are confident that the network is secure." It's entirely possible that it could be longer before PSN begins to come back online.
Part of the reason for this process taking so long is Sony's ongoing move of its network infrastructure and data center to a "new, more secure location." More details on new security measures will be forthcoming.
As for the leak itself, Sony says that all personal data was not encrypted but was located "behind a very sophisticated security system" which apparently was unable to prevent the infiltration. Credit card data was encrypted and there is still no evidence that such data has been stolen. That's according to Sony, of course, and it goes against the numerous stories that have surfaced about sudden credit card fraud, including an incident with 1UP contributor Steve Watts. It's possible these occurrences are coincidental; it's difficult to say with any degree of certainty that they are a direct result of the PSN breach.
If you have not yet taken any steps to secure your credit or debit card, you'll want to do so soon. There's no direct way to see which card was attached to your PSN account so Sony recommends either checking your account statements or searching your PSN account's email address for anything sent by "DoNotReply@ac.playstation.net," which will contain the first four and last four digits of the credit card you've used on PSN.
Among the data stolen in the attack was your PSN login and password, so your password will be a key thing to change. That's currently impossible with PSN down, but as a part of a new firmware update, users will be required to change their account password. No further details about the update were shared. Sony promises they are coming "shortly."
Earlier today the first lawsuit stemming from the incident was filed against Sony in California.