The lights are on
Congress is talking...sort of...to Sony over the PSN security breach that has affected millions of consumers in the U.S. alone. Although Sony wasn't physically present in front of the Congressional subcommittee looking into the matter, Sony Computer Entertainment America chairman Kaz Hirai submitted an eight-page document regarding the situation.
In the letter to the chairman and ranking member of the Subcommittee on Manufacturing, Commerce, and Trade, Hirai reiterated how the attack unfolded (starting on April 19) and how Sony responded to it, including shutting the service down on the 20th, and bringing in multiple security teams in the following days. Hirai says that data was taken from all of the 77 million PSN/Qirocity accounts, but that only 12.3 million (5.6 million of which were in the U.S.) of those had a credit card attached to them. Although Sony still says it's not 100 percent certain that users' credit card info hasn't been stolen, Hirai was relatively confident in his letter. "The major credit card companies have not reported that they have seen
any increase in the number of fraudulent credit card transactions as a
result of the attack," he wrote. However, Hirai says the company will offer complimentary credit protection services.
As for the delay in informing the public, Hirai asked the subcommittee for its understanding. "I am of course aware of the criticism Sony has received for the time taken to disclose information to our customers. I hope you can appreciate the extraordinary nature of the events the company was facing – brought on by a criminal hacker whose activity was neither immediately nor easily ascertainable."
Sony says it does not know who is responsible. Hirai did say, however, that whoever performed the Sony Online Entertainment breach (which yielded 12,700 outdated, foreign-based credit cards) left a file named "Anonymous" on one of the servers with the message "We are Legion." Whether this was really the work of the hacker collective Anonymous, who openly called for attacks on Sony, but who has denied any involvement in the PSN breach, is unknown.
Finally, Hirai says that Sony has taken additional security steps to protect itself and consumers against future breaches, including enhanced levels of encryption and detection software, extra automated monitoring, additional firewalls, and more.
Sony says it should soon have details on which PSN services will be operational and when, and it has also offered a "Welcome Back" program for users.
Email the author Matthew Kato, or follow on Twitter, and Game Informer.