Sega has confirmed hackers stole the personal information of nearly 1.3 million users of an online service operated by a European subsidiary.
The names, dates of birth, e-mail addresses and encrypted passwords of users of online game service SegaPass were accessed, the company said in a statement on its Japanese website, according to the Wall Street Journal.
No credit card details were accessed, however. "Please note that no personal payment information was stored by Sega as we use external payment providers, meaning your payment details were not at risk from this intrusion," the gaming company said.
Sega said it discovered the breach on Friday and halted the service immediately to launch an investigation.
The Sega Pass website was still unavailable Monday, displaying the holding notice: "Sega Pass is going through some improvements so is currently unavailable for new members to join or existing members to modify their details including resetting passwords. We hope to be back up and running very soon. Thank you for your patience."
Sega is working on improving the security of the affected systems, but has given no indication of when it plans to restore Sega Pass services.
The hacker group Lulz Security, which has been involved in a number of high profile attacks, has denied involvement in the Sega case, according to the BBC.
Instead, the group has expressed support for Sega in a posting on Twitter. "We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down," Lulz Security said.