With six days of downtime and counting, the PSN security blunder has spiraled into a full-blown PR disaster. In a statement released today on the PS Blog, SCEA spokesperson Patrick Seybold notes that the company believes personal data was obtained through the PSN breach between April 17-19.

This covers the full set of details tied to a PSN account, including your name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. Sony also notes that it’s possible “purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.” This also applies to any sub-accounts.

Equally concerning, is that Sony has no idea if credit card information was exposed in the attack. For the time being, it is advising customers that “your credit card number (excluding security code) and expiration date may have been obtained.” Certainly doesn’t sound encouraging.

Sony expects to restore “some services” of PSN within a week. Given Sony’s warning, anyone using their PSN password across other sites or services should change it immediately. And of course, be on the lookout for any fraudulent transactions on your credit or debit card.

Follow this author on Twitter.