Sony Addresses Congress Over Hacker Attack, Blames Anonymous4 May, 2011 By: Chris Tribbey
Sony Computer Entertainment told a Congressional subcommittee May 4 how it was handling the fallout of a massive hacker attack that compromised the information of 77 million PlayStation Network users and 24.6 million Sony Online Entertainment users, and placed blame for the attack on the hacker group Anonymous.
“In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles: Act with care and caution; provide relevant information to the public when it has been verified; take responsibility for our obligations to our customers; work with law-enforcement authorities,” Kazuo Hirai, chairman of the board of directors of Sony Computer Entertainment America, wrote in a statement to the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce.
“Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack,” Hirai continued. “We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named ‘Anonymous’ with the words ‘We are Legion.’”
On April 25, about a week after the attack occurred, forensic teams confirmed the scope of the personal data stolen and were unable to rule out that credit card information was among the information stolen.
“As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack,” Hirai wrote.
“Protecting individuals’ personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential.”
The PlayStation Network has been offline for weeks, with Sony attempting to bring some services online. Following the mid-April attack, several politicians have called for more stringent legislation to protect consumers online, and a class-action lawsuit has been filed on behalf of PlayStation Network users.
Sony said it will launch a customer appreciation program that will offer free downloads and games to customers for 30 days. Subscribers will have to change their account passwords when signing back on to Sony online services.
“We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new chief information security officer,” Hirai wrote.