Sega has confirmed that the personal data of 1.29 million of its customers was stolen in an attack on its systems.
It comes after the computer games firm said on Friday that e-mail addresses and dates of birth stored on the Sega Pass database were accessed by hackers.
However, Sega continues to say that payment information, such as credit card numbers, remained safe.
Sega spokeswoman Yoko Nagasawa said: “We are deeply sorry for causing trouble to our customers.”
She added: “We want to work on strengthening security.”
Ms Nagasawa added that it was not yet known when the Sega Pass online network could be restarted.
In an e-mail sent to Sega Pass users on Friday, the company wrote: “Over the last 24 hours we have identified that unauthorised entry was gained to our Sega Pass database.
“We immediately took the appropriate action to protect our consumers’ data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems.”
Sega explained that it had reset all passwords and urged customers to change their log-on details on other services and websites where they used the same credentials.
It added that password details had not been stored in plain text, suggesting that they may have been secured by some kind of encryption.
Sega is the latest in a line of games companies to suffer hacking and denial of service attacks on their online services.
The hacker group Lulz Security, which has been involved in a number of high profile attacks, including one against Sega rival Nintento, has denied involvement in the Sega case.
Instead it showed some sympathy for the company on its Twitter feed.
“We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down,” it said.