Sony: Data breach is sophisticated attack
WASHINGTON - The data breach of Sony's PlayStation Network resulted from a "very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit-card information for illegal purposes," a Sony executive says.
WASHINGTON - The data breach of Sony's PlayStation Network resulted from a "very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit-card information for illegal purposes," a Sony executive says.
In a letter to members of the House Commerce Committee released Wednesday, Kazuo Hirai, chairman of Sony Computer Entertainment America L.L.C., defended the company's handling of the breach.
Sony disclosed the problem last week. It said the attack may have compromised credit-card data, e-mail addresses, and other personal information from 77 million user accounts. On Monday, Sony said data from an additional 24.6 million online gaming accounts also may have been stolen.
The company has shut down the affected systems while it investigates the attacks and beefs up security. Hirai said Sony was working "around the clock to get the systems back up and to make sure all our customers are informed of the data breach and our responses to it."
Addressing criticism that the company took too long to inform customers, Hirai said Sony waited until it had a solid understanding and confirmation of the extent of the attack and its implications.
Although Sony began investigating unusual activity on the PlayStation network April 19, it did not notify consumers of the breach until April 26.
Hirai's letter said the company did not know who was responsible for the attack and was working with outside security and forensics consultants and the FBI on an inquiry.
The letter also noted that the hack came on the heels of denial-of-service attacks launched against several Sony operations and threats made against Sony and its executives in retaliation for a complaint filed by the company against a hacker in U.S. District Court in San Francisco.
Hirai's letter was in response to an inquiry by Rep. Mary Bono Mack (R., Calif.), who chairs the House Commerce Subcommittee on Commerce, Manufacturing and Trade, and Rep. G.K. Butterfield of North Carolina, the subcommittee's top Democrat.
Sony officials were invited to testify at a subcommittee hearing on data breaches held Wednesday, but they did not appear.
One witness, David Vladeck, director of the Federal Trade Commission's Bureau of Consumer Protection, used his testimony to call for legislation to require companies to implement reasonable data security policies and procedures, and notify consumers of a breach.