I have no idea to be honest. I think it sounds weird if they truly knew about that their system was vulnerable to this, and they didn't do anything about it. But i can't know for sure. However, if it was a known vulnerability in the software that they were using, and there was a patch available for this, then Sony should be more up to speed to update of course. And it is a big pity if they were informed about it, but didn't do anything about it.
The reason why i asked about a source was only because i hadn't seen any official statement on it, so i was curious if maybe i missed something.
I see what you mean. Generally speaking about hacks like this, it can be worse if they go out premature and said that info might have been stolen, but then later found out that this wasn't the case afterall. Then maybe someone had already canceled their creditcards without needing to. Then there is the other way around too of course, if they are waiting with giving out the info, then the hackers can have a longer time to abuse the info that they got from the hack. I'm not sure what is the best way. Maybe the best way is to inform early and say emphasise the word 'might'. This way people decide for themself if they will take actions of canceling creditcards etc..