The Sony PlayStation Network’s massive failure and yakking-up of confidential user data, both personal and (possibly) financial, has been well documented. User names, passwords, email addresses, and other information have definitely been stolen. Financial information such as credit cards? Sony “can’t rule it out”.
Of course they can’t. Stealing data isn’t the same as stealing silverware. It’s easy to tell if the forks and spoons have been swiped – they aren’t there anymore. But data that has been stolen is still there, comfortably ensconced in its rows and tables. It might be possible for Sony to search logs and audit files and compare them with the attack vector (if they can figure it out) and conclude that no unauthorized access took place. But even if they succeeded, who would be silly enough to believe them?