Today, the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce held a hearing in Washington, DC on “The Threat of Data Theft to American Consumers.”
Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to questions posed by the subcommittee about the large-scale, criminal cyber-attack we have experienced. We wanted to share those answers with you (click here).
In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles:
- Act with care and caution.
- Provide relevant information to the public when it has been verified.
- Take responsibility for our obligations to our customers.
- Work with law enforcement authorities.
We also informed the subcommittee of the following:
- Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
- We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
- By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
- As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
- Protecting individuals’ personal data is the highestpriority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
- We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.
We told the subcommittee about our intent to offer complimentary identity theft protection to U.S. account holders and detailed the “Welcome Back” program that includes free downloads, 30 days of free membership in the
PlayStation Plus premium subscription service; 30 days of free service for Music Unlimited subscribers; and extending PlayStation Plus and Music Unlimited subscriptions for the number of days services were unavailable.
We are working around the clock to have some PlayStation Network services restored and we’ll be providing specific details shortly. We hope this update is helpful to you, and we will continue to keep you posted as we work to restore our network and provide you with both the entertainment and the security you deserve.
Blah Blah Blah.
When
Will
The
PSN
Be
Back
On-Line?
That is all that you need to answer. I don’t need further explanation on how inept your security framework is.
@ Autoxfool
IF Only all these other Journalists understand what u said.
Sorry, silly kids that don’t have credit cards, some people care.
The letter to Congress does not apologize for not encrypting the data, as any company collecting credit card info should do in this day and age, especially companies that pursue and inflame hackers.
If you are going to do that now, then obviously you could have and should have done it before.
Sorry, but I really don’t care. I just want the PSN to be back up and running. HURRY UP!
For all you people saying “it was a frame job” or they’re “just blaming Anonymous”, you need to remember one thing. Anonymous is just that, anonymous. ANYONE can be Anonymous. If the guy(s) who hacked PSN considered themselves a part of Anonymous, that’s the only prerequisite needed to actually BE part of Anonymous.
Secondly, what benefit would Sony get out of blaming someone or framing someone for something they didn’t do. Sony, the Dept of Homeland Security and the FBI want the people who stole our information not just to lock them up, but to find out EXACTLY what was taken in order to control the leak. Blaming someone unrelated to the attack doesn’t serve that purpose. Trust me, they want the people who actually did this. If Sony said Anonymous left a calling card then they did. They also wouldn’t lie to Congress about it because A.) that would be incredibly stupid and B.) Sony has gotten this information from outsourced firms who also have to report this information to Congress, the DoHS and the FBI.
You really think Sony and their outsourced security firms are going to lie to the US Gov’t just to blame someone who didn’t do it? Wake up, people.
PSN COULD COME BACK IN LIKE A MONTH I DONT CARE I JUST GOT MY FAVORYTE GAME EVER MOTOR STORM APOCALYPSE !!!! …. SO SONY WHILE IM TRYING TO GET BETTER AT THIS GAME U COULD TAKE YOUR TIME LOLOLOL
@105 no I’m not saying Anon didn’t do it.
What I said:
1) The evidence is too obvious. Chances are, this was a False Flag operation. Someone (not Sony) must’ve done it and left a deceiving trail.
2) There is no hierarchy in Anon but there IS a collective consensus on ‘major decisions.’ Anyone can be anonymous, but Anonymous (with capital ‘A’), like it or hate it, are a group, albeit a loose one.
3) I never said they didn’t do it. I said they’re innocent until proven guilty. The evidence is too obvious for such a sophisticated attack, especially since, as per what Anon said, they weren’t involved.
@ rawstory
I thought that Sony have already said that the credit card numbers were encrypted and that passwords had been hashed.
It was the personal information that hadn’t been encrypted, right?
@pitythefool852
20000 credit card and bank account numbers were accessed according to Sony…unless hackers figured out how to unecrypt that data I’ll assume no.
And all this should make it safer for us to be on the PSN. Still, I’m anxious to get back online. Thanks guys.
Keep the updates coming.
@50 & 56: Firstly, you don’t have to post twice. Secondly, the members of the Committee on Energy and Commerce are readily available all over the internet — so reason to pester a Japanese electronics company for that information. Thirdly, the regulation of commerce is one of the major reasons we pay our Congress (see US Constitution Article I, Section 8, Clause 3. So do all of America a favor and please don’t vote at all until you’re educated enough to do so responsibly.
@96: The United States Congress doesn’t address matters pertaining to Canada.
In other words, you don’t actually have either proof or indication that customer databases were targeted at all, now do you?
You’re not in Kansas anymore, you know. Drumming up the attack as if it was a terrorist plot isn’t going to fly.
Again – we need specific information on what databases were breached and how, we need specific information on what databases with what info are directly accessible, and we need to know what sort of information is transferred from our ps3s (and then what is stored on your servers) – or Sony’s reputation is going to suffer.
No threat, just stating the obvious. You’re not going to get away with playing the crowd this time.
Anonymous call themselves gamers? I now will never call them gamers I hope they find them and can’t wait to watch that trial and Sony better not make a GeoHotz deal either…
I would rather have them tell me a for sure date instead of 5 updates that say they are working around the clock to restore services and leave you hanging with saying “Shortly”. Ummmm what is “Shortly” to them? To me it’s like a a few hours max. I don’t tell my wife that we are gonna go to the store shortly and then leave 3 days later. I had someone offer me $245 bucks for my PS3 that I bought this last Christmas. If something doesn’t happen soon I will be making that deal and spending the money on X-box games. I like the PS3 better, mainly because of the Socom franchise, but I only got to play my new Socom 4 for a day before the Network was turned off due to the cyber attack. Didn’t even get a chance to play Portal 2 online or Mortal Kombat. Majorly bummed :(
Sony you should always have a backup plan, prepare for these attacks, if some1 hacks you, you should be able to investigate while having key psn services up, I would say that you could have not only psn but another similar network to let you play online when the main is down which is a backup of the psn but does not require any card details
@ mcbuttz78 You are so right, THEY DO HAVE AN INSIDE GUY. Leaking out info, it’s how they got the jigstick psp thing. I have read on the hacker(s) sites that they do have a guy on the inside, someone who knows what servers that dev’s must use now.
Hmmm Sony are you doing as much homework on this as Me? No FBI where I live and the local law enforcement are garbage here. Contact me, Im doing more research on this.
First you say anonymous is involved, then you say they aren’t then they are. Which is it? Are they or aren’t they? Still no psn? Isn’t that an advertised feature? A friend of mine bought a slim today only to have me tell him why he couldn’t go online. He was outraged and the one game he got with it, he cant play cause He can’t update it. Wow isn’t that LAME.
Side note: someone tried to access my BB Protect account today. Funny stuff to me.
And to whomever hacked my skewl today, thanks for the early day off…………..
Seriously Sony, we your fans have been more than patience, I bought Mortal Kombat and Portal 2 so I could play online, it’s been two weeks now and no results yet. I have always been a loyal fan, but the [DELETED]. has already reached the boiling point. And you try to insult us by telling us that our reward will be a 30 day free Playstation Plus, that sounds more like a PR stunt than a thank you to the fans. I am loyal fan, but I am not stupid and I am getting tire of this. Everyone here can keep posting nice comments but I’ll post what I feel.
For all those people crying about people crying & saying let sony take there time and make it secure because im sony’s B***H. Please they already have our info what difference does it make if they put on psn right now
These stupid senators should mind their own business and don’t have the right to criticize others on communication and way Sony handles when they are terrible at handling situations themselves
Thank you Mr. Seybold
“We are working around the clock to have some PlayStation Network services restored and we’ll be providing specific details shortly”
I hope it’s back up before Brink release..
Guess what sony? im buying microsoft & nintendos new console NOT YOURS!!! >:( you’ve just lost 4 customers
I wonder if the extended PSN downtime will delay the Uncharted 3 Multiplayer Beta… I hope not.
The good thing is that everyone will be able to enjoy the beta, thanks to the 1 month free PS+ subscription. :)
Redesign XMB, PSN store and add Cross game voice chat and I’ll be fine. let it take a full month or two but just give them to us. (This would shut everyone’s mouth lol)
Well I just went and looked at one of the main sites I found thats all about hacking the ps3 and found this major cause for concern for you sony,
looks like graf_choko has a student:
it’s OtherOS (Linux) for PS3 firmware 3.55, It’s a bit of a process to get up and running, firmware PUPs pre-patched. A ready-to-use Linux distro image is in the works.
Made by Geoffrey Levand who has taken over the PS3 Linux effort after Sony slapped a judge-ordered TRO on graf, forcing him to trash everything. The next sentence they ask for donations for graf. Looks like you need to go after Geoffrey there now. Another ps3 hacker found by Me. I have the page and where they are hosting said tools copied to my list of proof.
Now do ya believe me when I say Im trying to help out? Why hasn’t ANYONE listened to me ever? I been sending in stuff about this for YEARS!!!!!!!!!!
I’ve sent you photo’s of people in Home launching the tools they used for hacking ps3, At Least Jeff was interested. He knows how good I am with this type of stuff. Why don’t ya go ask Him about my prowess on the interwebs. I will not stop till these folks are prosecuted, you can use me as a witness anytime you want.
Again, go get em Sony.
Don’t resign XMB or the PSN store, both are simple, elegant, and relatively add free.
Bono isn’t a happy bunny, is she.
You know until I see unverified charges on my card I’m gonna keep it. I’ve bought things from many places, any of which could have been hacked into. So really, I don’t have an issue with it. I just find it funny that people are going out and buying 360s. Have fun with that, I’ll stick with the system I’ve already put a lot of money into instead of getting pennies back for my investment.
We shall all threaten Sony that were all buying Xbox 360’s so they can work faster
oh great here we go with cross chat again >:( yea well sony just add a pancake maker update and we’ll be fine while your at it make it print money also & and id like to use it as a hover board sony please make my ps3 fly. Do it and just give it to us (it would shut everyone up)
@Poison thats the only reason im not buying a 360 because ive invested too much into ps3 lol but you can be sure right now on the next console im 80% microsoft 20% sony
Pancake Maker, i want waffles…actually scratch that just make me bacon, bacon makes everything okay :D
I’ll continue to make my purchases based on the games with them. Until microsoft can offer me a better experience, i’ll stick with sony. I’ve owned all 3 systems this generation and the only one I still have is a ps3.
@Lopez I go where the games I want are. I only have a PS3. I decide if a console is worth having by it’s exclusives. I had an Xbox last gen but I eventually got a PS2 as well. I used my mom or my sister’s PS2 for the games I did have. But I didn’t play too many xbox exclusives that gen. I’ll probably stick with PS for next gen. And maybe the new “Wii” cause it sounds pretty cool and I can hook my 3DS up to it. But really nothing sells me until I see the price and the game list.
@poison yea I love the sony exsclusives but Xbox has alot i’d like to play too (although many here would say halo sucks i bet you everything it’d be one of the hot sellers if it was on ps3). I mean if playstation somehow gets Left for dead that would def. shift more torwards sony but i agree im gonna have to see the library, and what each system gives you (I.E. Recharchable controllers, wi-fi, online service) you know things like that. I also need to get me a 3ds just for Zelda. And I think ill be getting the new nintendo console although i hope there online gaming doesnt stink and LAG like the wii :(
@Lopez LoZ is just around the corner man, need to jump on it! Yeah I’ve wanted to play L4D but also I could build a gaming PC. Plus I’ve heard the game isn’t that great as well. I’m happy with what PS3 has offered me. The only console/handheld that ever let me down i really the PSP. All my friends pick on me and say I’m a Nintendo fangirl cause I talk about how the DS is where it’s at. But really game wise the DS is better. If you want a portable media center PSP is the better choice. But I had to get a PSP for some games when it started to get cheaper. I may do the same with NGP if it gets one of those must have titles but for now my 3DS is my handheld of choice. The launch titles sucked though. I only have Nintendogs and SSFIV lol. Getting DoA this month, LoZ and RE Mercs next month.
Without questions Halo would sell, but that doesn’t mean I’d play it. I’m not an FPS gamer. I got a 360 for essentially 4 games. Ace Combat 6…which there hasn’t been another console release since. Warriors Oroichi Games(i know they’re terrible games I can’t explain why I love koei’s warrior Series). Mass Effect and Too Human.
The moment ME2 came to the ps3, the reason to keep my 360 went with it and I sold my 360 shortly after. While MLB the show, Gran Turismo, and MGS4 keep me buying Sony. Add in the pleasent Surprise that has been Uncharted, Steamworks support, and not needing to pay to play online when i am a sporadic online gamer. I’m very happy with my decisions.
I’m not apart of the instant gratification group of people that today’s society seems to be full of. 2 or 3 or even 4 weeks without PSN, though annoying, doesn’t negate all the reasons why I use my ps3.
Thanks for the update and the letter was good reading as it really puts it into perspective what the Sony network teams have been going through at a frantic pace. Hats off to you guys at Sony for doing the best you can do.
I miss online play but I haven’t really been using it since I’ve been back in school and working. Now that the semester is winding down I do want my PSN back though lol. Mostly the one thing I’ve been looking forward to the most is Beyond Good & Evil HD to hit the store. It’s supposed to be this month. I bet the next store update is gonna be massive!
k what they are all trying to say is that it going to take mad long just to fix it like it been off for almost two weeks now sony get it back up
What have I been saying here every time..?
“We are working around the clock…”
That stupid phrase that they keep pushing on us. It means nothing to us.
Patrick Seybold … I don’t know who you think you are, and who you think you’re trying to fool. If you guys were really “We are working around the clock…” it wouldn’t take over 2 weeks to get it fixed. And last week, you said that we should expect to see some parts of the PSN back up within a week. Well that 1 week mark was yesterday and nothing is working at all.
Patrick Seybold, if you wish to keep your job with Sony, I suggest you try not to piss off everyone with these slow blog posts, all of which contain junk and repeat information that we all received days ago.
still no info on when the psn will be up & running…
@Poison Resident evil merc. comes out next month :O and I love Ocarina of time (Best game ever made). I need to get me a 3ds only reason I havent yet is because like you said launch titles were blehhhhhhh. And i had a psp but i stepped on it :( but got a ds after and loved it mario, yoshi, donkey kong, kirby, pokemon (why not love nintendo systems) & same here Idk about NGP ill probably just get an Ipad2 or 3 if it comes out around there too lol. And I would rather play L4D on a system I stink at using a mouse & keyboard :(
@toast I know halo would sell. I was just saying I hate how people love to hate on other systems games just cause they cant have them, its the same for those micro fanboys they’d buy resistance, infamous, ratchet, just like everyone here would love to buy Halo, Gears of War, Left 4 Dead, Alan awake and other microsoft exclusives no matter how much they claim they are “stupid games”. But I agree playstation is helping itself out by getting Micrsoft exclusives (ex. Lost planet, MASS EFFECT :)) But i think sony will make us pay online for the next console and yes I live that my ps3 is a blu ray player because im a sucker for high def.
Does anyone else find it insulting and annoying that ALL OF THESE BLOG POSTS are basically repeats of the same thing that was originally said about the down time?
THERE’S ABSOLUTELY NO NEW INFORMATION. WE DON’T HAVE A REAL DATE WHEN THE PSN AND PS STORE WILL COME BACK, AND SONY INSISTS ON MAKING THESE BS COMMENTS, BLOG POST
>_<
I'm really getting fed up and I might have to simply pack away my PS3 and buy a Wii. It's now $150 new and NIntendo is rel-releasing their old games under a new cover art at $20 each.
@rex its been 3 weeks PSN went down the same wed. after socom 4, portal 2, & MK9 came out. 3 weeks is a long…… time!!! :|
Yea. 3 weeks is a long ass time…especially for a network to go down and stay down.
Oops i meant 2 lol
And @ nike I agree they’ve been saying the same thing over & over & over and i find it funny all those people that were protecting sony are all gone lol
Stop hating on Patrick he just post the information he gets from the higher ups. He can’t do anything else. And they said a week from sunday press conference so they have 4 days left
@std they said a week from last tuesday also :| sooooo you’re point is not valid sorry :(
i didn’t have my cc number or anything on my psn but im still freaked out.