The massive cache of personal information pulled out by the attackers is likely to be sold off online while it's fresh, Henry points out. "Typically, it's sold in bulk," he notes. "If they're after credit cards, they'll buy goods and have them shipped to their address."

There have been so many in the past few years, however, that prices for stolen information has fallen. A few years ago you could get $12 per record but today it's no more than 50 cents, Henry says.

Since many types of financial and other online accounts seem to ask similar questions for security purposes -- such as provide your mother's maiden name or list the school you went to -- Henry suggests it's not a bad idea to simply start lying about all those things so that changing them is possible when there's a data breach like this.

"Make up answers to these questions and keep track of your answers," he says.

Since Sony's division suggests credit cards may have been stolen by the attackers as well during the break-in, this raises questions about whether Sony is compliant with the Payment Card Industry (PCI) data-security rules.