It’s not all gloom and doom when you check out the news from the Sony Playstation Network breach. Seems that the theft by hackers of Sony network data could result in deep price cuts for thieves in the market for a stolen credit card. According to experts, the price of buying a purloined credit card number could drop from the current $5-$10 down to just a couple of bucks if the hackers flood the market with the 2.2 million credit cards they claim to have access to.

And that means the cost of the mishap may wind up costing Sony itself a cool $1.5 billion.

This news comes on top of some unpleasant testimony into hearings on the Sony flub-up.

In recent congressional testimony, Dr. Gene Spafford of Purdue University said Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts.

According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which “was unpatched and had no firewall installed.” The issue was “reported in an open forum monitored by Sony employees” two to three months prior to the recent security breaches, said Spafford.

Spafford made his comments in a hearing convened by the House Subcommittee on Commerce, Manufacturing and Trade. Sony was invited to participate in the hearing, but declined to attend. In a letter to the committee, Sony said it has added automated software monitoring and enhanced data security and encryption to its systems in the wake of the recent security breaches.

“If Dr. Spafford’s assessment is accurate, it’s inexcusable that Sony not only ran obsolete software on servers containing confidential data, but also that the company continued to do so after this information was publicly disclosed,” said Jeff Fox, Consumer Reports Technology Editor.

Who’s being hit hardest by the breach? Credit card lenders could spend about $300 million just for the costs of having to replace credit card numbers for the folks whose info was stolen.

One way customers can protect themselves from companies that don’t protect account data properly is to use a disposable credit card number. Citibank, Discover, and Bank of America all offer this service which creates a one-time use credit card number each time you want to use it for an online transaction.

You can also check out these tips from Consumer Reports.

As for companies that make and store this data: Be sure your IT team is keeping your network up to date and fully patched. It may be a good idea to ask about their process for this and find out how they’re backing it up.

Meanwhile, Sony’s taking the “firmly close barn door after horse is in another hemisphere” mode of response: CNET reports that the Japanese electronics giant is considering offering a reward for information leading to the arrest and prosecution of the attackers.

Tags: breach, cost, credit cards, Dr. Gene Spafford, network, patch, Playstation, Purdue University, security, Sony