More than a week after being the target of an online attack, Sony has said the personal information - including credit card details - of up to 77million of its customers may have been stolen.
The electronics giant's internet gaming service, PlayStation Network, was "compromised with an illegal and unauthorised intrusion", said the company.
It planned to restore "some services" within a week, and has appointed a computer security company to investigate the network's outage.
Writing on the company's blog, Patrick Seybold, senior director of corporate communications, said that users' names, home and email addresses, login and password details - as well as billing history - may have been accessed by "an unauthorised person".
"While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," he posted.
"If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
The personal details of children may also be at risk, he explained.
"If you have authorised a sub-account for your dependent, the same data with respect to your dependent may have been obtained."
The network was hacked at some point between April 17 and April 19, and Sony turned off the services shortly after to prevent any further attacks.
But the delay in the corporation informing its customers that their personal information was at risk led US Senator Richard Blumenthal to write to Jack Tretton, president of Sony Computer Entertainment.
"Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised," he wrote.
"Nor has Sony specified how it intends to protect these consumers."
Following Sony's legal action against PS3 hacker George Hotz, hacktivist group Anonymous threatened to target the Tokyo-based conglomerate - but this week denied it was behind the attack on the PlayStation Network.
"For once we didn't do it," said the group.
If confirmed at 77million records, it would rank as one of the largest ever credit card data breaches. The Open Security Foundation lists three larger, with merchant processing company Heartland Payment Systems taking the top spot after a 2008 hack exposed up to 130million credit card details.
Breach of trust
Sony's delayed reaction to the breach is generating added anger for its customers, questioning whether the brand could ever be trusted again with individuals' financial information.
"If you have compromised my credit information, you will never receive it again," commented 'Korbei83' on Seybold's blog post. "The fact that you've waited this long to divulge this information to your customers is deplorable. Shame on you."
"Excuse me while I go change my password.. oh wait. I can’t," the commenter wrote.
Technology experts say Sony might never recover from this "disaster."
"Chances are Playstation is going to have to work very hard to rebuild that trust," Tristan Donovan, author of "Replay: the History of Video Games" said. "It could almost be irreparable damage.
Matthew Bath, technology editor at Which?, warns customers and companies to be more prudent of today's "cyber game of cat and mouse."
"The quicker the companies innovate to try and protect your financial information world hackers try and keep one step ahead to find those loopholes and backdoors to try and exploit it," Bath told Al Jazeera.
"As we store more of our information on the Amazons, the Sonys and the Microsofts of the world, they're going to have work really incredibly hard not to just regain our trust but to actually keep our data safe," he said."