Report from PSX-Scene suggest that the unknown hackers even offered to sell the details back to Sony themselves with little luck before offering them up on underground credit card trading forums.

The really disturbing part of this is the news that these details actually include the CCV security code that until now was believed to be safe. With that code married to the card owner’s name as well as the rest of the card details then the card could be used without a hiccup

these details actually include the CCV security code that until now was believed to be safe

Merchants who require the CVV2 for "card not present" transactions are forbidden by Visa from storing the CVV2 once the individual transaction is authorized and completed. This way, if a database of transactions is compromised, the CVV2 is not included, and the stolen card numbers are less useful. The Payment Card Industry Data Security Standard (PCI DSS) also prohibits the storage of CSC (and other sensitive authorisation data) post transaction authorisation. This applies globally to anyone who stores, processes or transmits card holder data.

Supplying the CSC code in a transaction is intended to verify that the customer has the card in their possession. Knowledge of the code proves that the customer has seen the card, or has seen a record made by somebody who saw the card.