Sony: Co. is victim of sophisticated cyber attack

May 04, 2011 By JOELLE TESSLER , AP Technology Writer

The data breach of Sony's PlayStation Network resulted from a "very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes," a Sony executive said.

In a letter to members of the House Commerce Committee released Wednesday, Kazuo Hirai, chairman of Sony Computer Entertainment America LLC, defended the company's handling of the breach.

Sony first disclosed the breach last week. It said the attack may have compromised credit card data, email addresses and other personal information from 77 million user accounts. On Monday, Sony said data from an additional 24.6 million online gaming accounts also may have been stolen.

The company has shut down the affected systems while it investigates the attacks and beefs up security. Hirai said Sony is working "around the clock to get the systems back up and to make sure all our customers are informed of the and our responses to it."

Addressing criticism that the company waited too long to inform customers, Hirai said Sony waited until it had a solid understanding and confirmation of the extent of the attack and its implications.

"Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by ," he wrote.

Although Sony began investigating unusual activity on the PlayStation network on April 19, it did not notify consumers of the breach until April 26.

Hirai's letter said the company does know who is responsible for the attack and is working with outside security and forensics consultants and the on an inquiry.

The letter also noted that the hack came on the heels of attacks launched against several Sony operations and threats made against Sony and its executives in retaliation for complaint filed by the company against a hacker in U.S. District Court in San Francisco.

The letter said Sony may not have immediately detected the PlayStation breach in part because its security teams were busy trying to defend against the .

"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know," Hirai wrote.

Hirai was one of three Sony executives who bowed in apology for the data breaches for several seconds at the company's Tokyo headquarters on Sunday.

His letter was in response to an inquiry by Rep. Mary Bono Mack, R-Calif., who chairs the House Commerce Subcommittee on Commerce, Manufacturing and Trade, and Rep. G.K. Butterfield of North Carolina, the subcommittee's top Democrat.

Sony officials had been invited to testify at a subcommittee hearing on data breaches held Wednesday, but did not appear.

One witness, David Vladeck, director of Federal Trade Commission's bureau of consumer protection, used his testimony to call for legislation that would require companies to implement reasonable data security policies and procedures, and notify consumers in the event of a breach.

Explore further: Shazam breaks 100 million monthly user mark

More information: Correction: In a story May 4 about an attack on Sony Corp.'s PlayStation Network, The Associated Press erroneously reported that Sony knows who is responsible. In a letter to Congress, the company said it does not know who is responsible.

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Sony apologises for breach, boosts security

May 01, 2011

Sony on Sunday apologised for a security breach that compromised millions of users, and said it could not rule out the possibility that credit card information was stolen.

Sony PlayStation network users face password change

May 01, 2011

Users of Sony's PlayStation Network will have to change their passwords, the Japanese entertainment and technology giant said Sunday as it looks to boost security after its system was hacked.

Sony to reveal PlayStation hack probe findings

Apr 30, 2011

Sony will reveal details of its internal probe into a massive theft of personal data from users of its PlayStation Network on Sunday, plus a timetable for bringing the network back into action, it said.

Sony says 25 million more accounts hacked

May 03, 2011

Sony Corp. said Monday that hackers may have taken personal information from an additional 24.6 million user accounts after a review of the recent PlayStation Network breach found an intrusion at a division that makes multiplayer ...

Sony sued over PlayStation Network hack

Apr 29, 2011

Sony is being sued in US court by gamers irked by news that a hacker cracked PlayStation Network defenses and pilfered data that could potentially be used for fraud or identity theft.

Recommended for you

Twitter tries to block images of Foley killing

13 hours ago

Twitter and some other social media outlets are trying to block the spread of gruesome images of the beheading of journalist James Foley by Islamic State militants, while a movement to deny his killers publicity ...

New generation is happy for employers to monitor them on social media

13 hours ago

Will employers in the future watch what their staff get up to on social media? Allowing bosses or would-be employers a snoop around social media pages is a growing trend in the US, and now a new report from PricewaterhouseCoopers and the Said Business School suggest ...

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

JRDarby
not rated yet May 04, 2011
Funny how they've basically blamed it on Anonymous and yet the whole "theft" thing really doesn't fit their MO. Dupes as they said, perhaps, and that would be interesting... if true.
J-n
5 / 5 (1) May 04, 2011
Blaming a highprofile group, saying it's a 'sophisticated' attack are just attempts at reducing/removing the culpability of Sony in this situation.

If they revealed that it was an EASY task to steal their users information they would most definitely be the target for large class action law suits.