The latest update on Sony's attempts to shore up the PlayStation Network makes mention of a mandatory password change when service resumes.
"We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly," SCE America's Patrick Seybold wrote in a new Q&A on the US PS Blog.
Sony is now working in co-operation with law enforcement in addition to the security firm brought in during the early days of the breach.
"This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible," Seybold wrote.
The executive played his cards close to the chest as to whether any perpetrators had been identified yet.
Sony has come under serious criticism after hacker logs apparently outed insufficient security measures protecting user details, but Seybold is adamant data was well defended.
"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network," he wrote.
"The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."
However, Sony "cannot rule out the possibility" that credit card data was indeed taken.
As for future security plans, Seybold said Sony is "initiating several measures ... including moving our network infrastructure and data center to a new, more secure location, which is already underway". More details are promised soon.
There's a few other bits and bobs through the link above, including details on how to check which card you had associated with your PSN account.