In an email to the members of the Sega Pass forums, Sega explained the hack bomb as:
We immediately took the appropriate action to protect our consumers’ data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems.
We have identified that a subset of Sega Pass members emails addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text.
Please note that no personal payment information was stored by Sega as we use external payment providers, meaning your payment details were not at risk from this intrusion.
Sega has apologized and asked for patience as they restore the site fully.