Sony: Co. is victim of sophisticated cyber attack

May 04, 2011 By JOELLE TESSLER , AP Technology Writer

The data breach of Sony's PlayStation Network resulted from a "very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes," a Sony executive said.

In a letter to members of the House Commerce Committee released Wednesday, Kazuo Hirai, chairman of Sony Computer Entertainment America LLC, defended the company's handling of the breach.

Sony first disclosed the breach last week. It said the attack may have compromised credit card data, email addresses and other personal information from 77 million user accounts. On Monday, Sony said data from an additional 24.6 million online gaming accounts also may have been stolen.

The company has shut down the affected systems while it investigates the attacks and beefs up security. Hirai said Sony is working "around the clock to get the systems back up and to make sure all our customers are informed of the and our responses to it."

Addressing criticism that the company waited too long to inform customers, Hirai said Sony waited until it had a solid understanding and confirmation of the extent of the attack and its implications.

"Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by ," he wrote.

Although Sony began investigating unusual activity on the PlayStation network on April 19, it did not notify consumers of the breach until April 26.

Hirai's letter said the company does know who is responsible for the attack and is working with outside security and forensics consultants and the on an inquiry.

The letter also noted that the hack came on the heels of attacks launched against several Sony operations and threats made against Sony and its executives in retaliation for complaint filed by the company against a hacker in U.S. District Court in San Francisco.

The letter said Sony may not have immediately detected the PlayStation breach in part because its security teams were busy trying to defend against the .

"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know," Hirai wrote.

Hirai was one of three Sony executives who bowed in apology for the data breaches for several seconds at the company's Tokyo headquarters on Sunday.

His letter was in response to an inquiry by Rep. Mary Bono Mack, R-Calif., who chairs the House Commerce Subcommittee on Commerce, Manufacturing and Trade, and Rep. G.K. Butterfield of North Carolina, the subcommittee's top Democrat.

Sony officials had been invited to testify at a subcommittee hearing on data breaches held Wednesday, but did not appear.

One witness, David Vladeck, director of Federal Trade Commission's bureau of consumer protection, used his testimony to call for legislation that would require companies to implement reasonable data security policies and procedures, and notify consumers in the event of a breach.

Explore further: US Congress decriminalizes cellphone unlocking

More information: Correction: In a story May 4 about an attack on Sony Corp.'s PlayStation Network, The Associated Press erroneously reported that Sony knows who is responsible. In a letter to Congress, the company said it does not know who is responsible.

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Sony apologises for breach, boosts security

May 01, 2011

Sony on Sunday apologised for a security breach that compromised millions of users, and said it could not rule out the possibility that credit card information was stolen.

Sony PlayStation network users face password change

May 01, 2011

Users of Sony's PlayStation Network will have to change their passwords, the Japanese entertainment and technology giant said Sunday as it looks to boost security after its system was hacked.

Sony to reveal PlayStation hack probe findings

Apr 30, 2011

Sony will reveal details of its internal probe into a massive theft of personal data from users of its PlayStation Network on Sunday, plus a timetable for bringing the network back into action, it said.

Sony says 25 million more accounts hacked

May 03, 2011

Sony Corp. said Monday that hackers may have taken personal information from an additional 24.6 million user accounts after a review of the recent PlayStation Network breach found an intrusion at a division that makes multiplayer ...

Sony sued over PlayStation Network hack

Apr 29, 2011

Sony is being sued in US court by gamers irked by news that a hacker cracked PlayStation Network defenses and pilfered data that could potentially be used for fraud or identity theft.

Recommended for you

Scalping can raise ticket prices

21 hours ago

Scalping gets a bad rap. For years, artists and concert promoters have stigmatized ticket resale as a practice that unfairly hurts their own sales and forces fans to pay exorbitant prices for tickets to sold-out concerts. ...

Study shows role of media in sharing life events

Jul 24, 2014

To share is human. And the means to share personal news—good and bad—have exploded over the last decade, particularly social media and texting. But until now, all research about what is known as "social sharing," or the ...

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

JRDarby
not rated yet May 04, 2011
Funny how they've basically blamed it on Anonymous and yet the whole "theft" thing really doesn't fit their MO. Dupes as they said, perhaps, and that would be interesting... if true.
J-n
5 / 5 (1) May 04, 2011
Blaming a highprofile group, saying it's a 'sophisticated' attack are just attempts at reducing/removing the culpability of Sony in this situation.

If they revealed that it was an EASY task to steal their users information they would most definitely be the target for large class action law suits.