Things haven’t been going pretty well for Sony these past couple of weeks to say the least. Gamers are still waiting for the Playstation Network to come back up and even though Sony says it will be up soon, we’re not sure when PSN will be up and running.
Today, Kazuo Hirai, Chairman of the Board of Directors of Sony, submitted written answers to questions posed by the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce. The House of Representatives held a hearing in Washington, DC on “The Threat of Data Theft to American Consumers.”
Sony submitted written answers to questions posed by the subcommittee about the “large-scale, criminal cyber-attack” they have experienced. (Here is the formal letter if you wanted to read it for yourself (click here)
Sony told the subcommittee that they followed four key principles in regards to responding to the attack:
- Act with care and caution.
- Provide relevant information to the public when it has been verified.
- Take responsibility for our obligations to our customers.
- Work with law enforcement authorities.
They also informed the subcommittee of the following:
- Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
- We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
- By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, Sony notified customers of those facts.
- As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
- Protecting individuals’ personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
- They are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.
Sony then went on to tell the subcommittee about their intent to offer complimentary identity theft protection to U.S. account holders and detailed the “Welcome Back” program that includes free downloads, 30 days of free membership in the PlayStation Plus premium subscription service; 30 days of free service for Music Unlimited subscribers; and extending PlayStation Plus and Music Unlimited subscriptions for the number of days services were unavailable.
What do you guys think of the the Sony attacks? Does this statement restore a bit a faith in Sony? Let us know what you think.