In an announcement, Sony says the attack took place between April 17th and 19th.
The company notes that your "Name, address (city, state, postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID, profile data, including purchase history and billing address (city, state, postal code), and the subscriber's PlayStation Network/Qriocity password security answers" have all likely been compromised.
Even worse, the company says your credit card info and expiration date are likely to have been compromised, as well.
There are 71 million registered PSN accounts.
If you are worried, Sony says you should check your credit card statements and credit reports daily, and of course, to change your password once PSN goes back online.