SEGA was hacked after post-PSN security update
Changes made in wake of Sony breach failed to protect customer data
The hack that has compromised the personal details of 1.3m SEGA users happened after the company had already tightened security in the wake of the PSN breach.
The company promised over the weekend to "further strengthen [its] network security as a priority," as a result of last week's attack. But "additional changes" had already been made to internal security as a direct response to the assault that brought down Sony's online services, affecting 100m users.
Speaking last month, SEGA West CEO Mike Hayes told GamesIndustry.biz: "We did a security audit as a result of this, which is probably six months earlier [than normal], and it was just a good housekeeping exercise. We made a couple of changes to some of our security systems. I'm sure most people have done exactly the same."
Hayes acknowledged that the PSN hack had been "an interesting wake up call for all of us," adding: "Fortunately we seemed pretty solid so we didn't have to do too many additional changes."
However, on June 17 SEGA issued a statement to customers confirming its security had been bypassed: "Over the last 24 hours we have identified that unauthorised entry was gained to our SEGA Pass database.
"We immediately took the appropriate action to protect our consumers' data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems."
The publisher confirmed that, while no financial information was stored, "email addresses, dates of birth and encrypted passwords were obtained."
This latest breach raises questions over the scope and implementation of SEGA's internal security review, and will cause further concern for the industry, which has seen companies and services including Codemasters, Bethesda, EVE Online and Minecraft targeted by hackers in recent weeks.
In a statement last week to sister publication Eurogamer, SEGA acknowledged: "The protection of data is an evolving process, as new defences are created so new threats emerge. We will make all improvements necessary as a result of this intrusion."
Speaking on the PSN hack last month, Hayes said: "I think it will just be seen in two or three months as a memory. We just have nothing but sympathy for Sony, because we don't care who you are, you don't want that sort of thing to happen.
"Corporations have problems, they all have problems, but once they're sorted out people just want to get back into gaming."
The SEGA Pass service remains offline while the publisher conducts an investigation.