Although Sony's division had no immediate response to the question about whether the Sony division is PCI compliant or holds payment-card data in a secure way demanded under the PCI standards, it can be expected that this issue will be looked at in future days by the banks, Visa, MasterCard and others as more about the massive data breach comes to light.

"A lot of websites out there don't want to deal with being PCI-compliant so they contract with third-party companies to clear credit cards," Henry says. He suggests whatever the case, the credit card numbers Sony has been given by its customers should have been held in encrypted form. "It certainly looks like there's a large liability on Sony right now," he concludes.

in Network World's Wide Area Network section.