Sony Responds to the House of Representatives Hearing on Data Theft

The attack on Sony's PlayStation Network is getting serious attention from the U.S. House of Representatives, as the Subcommittee on Commerce, Manufacturing and Trade held a hearing today. The subject? "The Threat of Data Theft to American Consumers." Sony had declined to appear at the hearing, but Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, has sent in written responses to questions posed by the subcommittee. We have followed the PSN story very closely, as Sony has struggled to deal with the "very carefully planned, very professional, highly sophisticated criminal cyber attack" on its network.

The full letter from Hirai to the Committee is located here, and is very interesting reading, but a summary of the responses is below.

Hirai stated that "At the same time that experienced attackers were carrying out their attack, they also attempted to destroy the evidence that would reveal their steps." Sony has discovered that intruders had planted a file on one of the Sony Online Entertainment servers named "Anonymous" with the words "We are Legion". Sony has also confirmed that all 77 million PSN/Qriocity accounts have been compromised.

They have said that the major credit card companies have not reported any fraudulent transactions as a direct result of the attack. However, we have reported on security experts' warnings that credit card data may have already been offered for sale. Sony has said it will offer free identity theft protection to U.S. account holders, which it seems is the least they can do.

The "Welcome Back" package includes free downloads; 30 days of free membership in the PlayStation Plus premium subscription service; 30 days of free service for Music Unlimited subscribers; and an extension of PlayStation Plus and Music Unlimited subscriptions by the number of days services were unavailable.

Sony's key principles in dealing with the attack are:

  • Act with care and caution.
  • Provide relevant information to the public when it has been verified.
  • Take responsibility for our obligations to our customers.
  • Work with law enforcement authorities (they are working with the FBI on the investigation).

Sony has restored some PSN and Qriocity services, and will continue to do so over the course of this week. Meanwhile, if you have a PSN or Qriocity account, be careful out there. Sony continues to say they are working around the clock to restore services and increase security. What do you think? Are they doing enough?

[via Sony PlayStation Blog]