Sony announced Tuesday that the attack on its PlayStation Network and Qriocity network may have compromised some users’ profile and payment information.

In a blog post, Sony Corporate Communications director Patrick Seybold said the company has discovered that the personal data may have been compromised between April 17 and April 19:

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.

Information for authorized sub-accounts may have also been obtained.

Seybold also wrote that “out of an abundance of caution,” PSN users should also assume that their credit card numbers, excluding security codes, and expiration date may have been compromised.

The company has provided few details on the attack itself, though the network has been down for six days. Seybold wrote that Sony expects to restore some of the services within a week.

Related stories:

PlayStation Network still down after ‘external intrusion’

PlayStation network to be down for ‘full day or two’