Electronics giant Sony says it cannot rule out the possibility that the credit card data of its 75 million PlayStation customers has been stolen.
Hackers breached the system more than a week ago, but Sony did not let customers know until days later.
Sony's PlayStation networks - used by owners of its consoles to play games online - have been shut down for six days.
Part of the notice sent to the 75 million users says it is believed that an unauthorised person has obtained customers' information including names, addresses, email addresses, birth dates, PlayStation network passwords and log-in details.
It says it is possible customers' profile data - including purchase history and billing address - have been obtained.
The notice says there is no evidence that credit card data has been taken at this time but Sony says it cannot rule out the possibility.
Keep an eye on accounts - Privacy Commissioner
New Zealand's Privacy Commissioner says Sony should have told people immediately about the breach so they could protect themselves and is urging PlayStation users to be vigilant.
Marie Shroff says people who are worried should contact their bank and watch for signs that their credit cards being used.
Meanwhile, a New Zealand internet safety group says hacking online data bases is becoming more common.
Netsafe executive director Martin Cocker says that even if hackers do not have people's credit card details, they can use the other information to steal money by using it to build a false identity.