Sony: Co. is victim of sophisticated cyber attack

May 4, 2011 By JOELLE TESSLER , AP Technology Writer

The data breach of Sony's PlayStation Network resulted from a "very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes," a Sony executive said.

In a letter to members of the House Commerce Committee released Wednesday, Kazuo Hirai, chairman of Sony Computer Entertainment America LLC, defended the company's handling of the breach.

Sony first disclosed the breach last week. It said the attack may have compromised credit card data, email addresses and other personal information from 77 million user accounts. On Monday, Sony said data from an additional 24.6 million online gaming accounts also may have been stolen.

The company has shut down the affected systems while it investigates the attacks and beefs up security. Hirai said Sony is working "around the clock to get the systems back up and to make sure all our customers are informed of the and our responses to it."

Addressing criticism that the company waited too long to inform customers, Hirai said Sony waited until it had a solid understanding and confirmation of the extent of the attack and its implications.

"Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by ," he wrote.

Although Sony began investigating unusual activity on the PlayStation network on April 19, it did not notify consumers of the breach until April 26.

Hirai's letter said the company does know who is responsible for the attack and is working with outside security and forensics consultants and the on an inquiry.

The letter also noted that the hack came on the heels of attacks launched against several Sony operations and threats made against Sony and its executives in retaliation for complaint filed by the company against a hacker in U.S. District Court in San Francisco.

The letter said Sony may not have immediately detected the PlayStation breach in part because its security teams were busy trying to defend against the .

"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know," Hirai wrote.

Hirai was one of three Sony executives who bowed in apology for the data breaches for several seconds at the company's Tokyo headquarters on Sunday.

His letter was in response to an inquiry by Rep. Mary Bono Mack, R-Calif., who chairs the House Commerce Subcommittee on Commerce, Manufacturing and Trade, and Rep. G.K. Butterfield of North Carolina, the subcommittee's top Democrat.

Sony officials had been invited to testify at a subcommittee hearing on data breaches held Wednesday, but did not appear.

One witness, David Vladeck, director of Federal Trade Commission's bureau of consumer protection, used his testimony to call for legislation that would require companies to implement reasonable data security policies and procedures, and notify consumers in the event of a breach.

Explore further: Sony apologises for breach, boosts security

More information: Correction: In a story May 4 about an attack on Sony Corp.'s PlayStation Network, The Associated Press erroneously reported that Sony knows who is responsible. In a letter to Congress, the company said it does not know who is responsible.


Related Stories

Sony apologises for breach, boosts security

May 1, 2011

Sony on Sunday apologised for a security breach that compromised millions of users, and said it could not rule out the possibility that credit card information was stolen.

Sony to reveal PlayStation hack probe findings

April 30, 2011

Sony will reveal details of its internal probe into a massive theft of personal data from users of its PlayStation Network on Sunday, plus a timetable for bringing the network back into action, it said.

Sony says 25 million more accounts hacked

May 3, 2011

Sony Corp. said Monday that hackers may have taken personal information from an additional 24.6 million user accounts after a review of the recent PlayStation Network breach found an intrusion at a division that makes multiplayer ...

Sony sued over PlayStation Network hack

April 29, 2011

Sony is being sued in US court by gamers irked by news that a hacker cracked PlayStation Network defenses and pilfered data that could potentially be used for fraud or identity theft.

Recommended for you

Volvo to supply Uber with self-driving cars (Update)

November 20, 2017

Swedish carmaker Volvo Cars said Monday it has signed an agreement to supply "tens of thousands" of self-driving cars to Uber, as the ride-sharing company battles a number of different controversies.

New method analyzes corn kernel characteristics

November 17, 2017

An ear of corn averages about 800 kernels. A traditional field method to estimate the number of kernels on the ear is to manually count the number of rows and multiply by the number of kernels in one length of the ear. With ...


Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet May 04, 2011
Funny how they've basically blamed it on Anonymous and yet the whole "theft" thing really doesn't fit their MO. Dupes as they said, perhaps, and that would be interesting... if true.
5 / 5 (1) May 04, 2011
Blaming a highprofile group, saying it's a 'sophisticated' attack are just attempts at reducing/removing the culpability of Sony in this situation.

If they revealed that it was an EASY task to steal their users information they would most definitely be the target for large class action law suits.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.