The theft comes on top of the 77 million PlayStation accounts taken in a cyberattack revealed last week.
This latest breach – of its Sony Online Entertainment PC games network – was discovered after a review of the PlayStation Network intrusion.
Sony said it occurred a day earlier than the PlayStation break-in between April 17 to 19.
The names, addresses, emails, birth dates, phone numbers and other information for 24.6m PC games customers were stolen from its servers.
Sony also said the financial records of users from an outdated 2007 database involving people outside the US may have been stolen, including 10,700 direct debit records of customers in Austria, Germany, the Netherlands and Spain.
The outdated information contained credit card numbers, debit card numbers and expiration dates, but not the 3-digit security code on the back of credit cards. The direct debit records included bank account numbers, customer names, account names and customer addresses.
“We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1 we concluded that SOE account information may have been stolen and we are notifying you as soon as possible,” Sony said in a message to customers.
Sony said that it had shut its Sony Online Entertainment service, which are available on personal computers, Facebook and the PlayStation 3 console. Its most popular games include EverQuest, Free Realms and DC Universe Online.
The company said it will grant players 30 days of additional time on their subscriptions, along with one day for each day the system is down. It is also creating a “make good” plan for its multiplayer online games.
On Sunday, Sony executives bowed in apology and said they would beef up security measures after an earlier breach caused it to shut down its PlayStation network on April 20.