The user data wasn’t encrypted.
Which leads me to an interesting thought: Apparently, the money was more important to Sony than the gamers.
Or maybe the credit card companies told Sony in very clear terms how to handle the precious credit card numbers, so Sony complied to those rules and when it came to passwords, age, place where you live, they were economical. As with how they handled the situation. At least, we didn’t have to tell them that they were hacked.
Unlike, say, Apple, they did tell us that something was wrong and they apologized for what happened. We’re just left with the task to clean up the digital mess they created.
How valuable is this data? Well, if you do something sensitive over the phone, say, calling your bank. And they want to make sure it’s you. What do they ask? Well, the simple stuff: Birth date. Where you live.
With data like that, you can open an eBay account and so some online fraud. Good luck proving it wasn’t you. Sure, it won’t be a problem but it will be an ugly hassle.
Make sure you check your next credit card bill; just to make sure Sony didn’t mess that up without noticing.