The hits just keep coming for Sony. The maker of the PlayStation Portable and the PlayStation 3 announced last week that hackers broke into its PlayStation Network (PSN) database and stole its 77-million customer database. Sony waited an entire week while investigating the breach before notifying customers. In the meantime the PSN was down.
This week Sony revealed new details in media comments and posts to its PlayStation blog. They commented that up to 10 million users’ credit card numbers were likely obtained by the intruder. Haha. Sucks for you guys.
“We deeply apologize for the inconvenience we have caused,” said Kazuo Hirai, chief of Sony Corp.’s PlayStation video game unit, who was among the three executives who held their heads low for several seconds at the company’s Tokyo headquarters in the traditional style of a Japanese apology. Hirai said parts of the service would be back this week and that the company would beef up security measures. But he and other executives acknowledged that not enough had been done in security precautions, and promised that the company’s network services were under a basic review to prevent a recurrence. “I see my work as first making sure Sony can regain the trust from our users,” Hirai said.
The network, which serves both the PlayStation video game machines and Sony’s Qriocity movie and music services, has been shut down since April 20. It is a system that links gamers worldwide in live play, and also allows users to upgrade and download games and other content. Hirai said Sony suspected it was under attack by hackers starting April 17. According to Sony, of the 77 million PlayStation Network accounts, about 36 million are in the U.S. and elsewhere in the Americas, while 32 million are in Europe and 9 million in Asia, mostly in Japan.
Pressure is mounting on Sony to restore services and compensate players. U.S. lawmakers have sent a letter to Hirai demanding answers by May 6 about the security breach and Sony’s response. Hirai said he had read the online version of the letter and would answer the questions as soon as possible.
Last month, U.S. lawyers filed a lawsuit against Sony on behalf of lead plaintiff Kristopher Johns for negligent protection of personal data and failure to inform players in a timely fashion that their credit card information may have been stolen. The lawsuit seeks class-action status. Hirai said the network problems would not hurt or delay Sony’s product plans, including a tablet device that looks like Apple’s iPad, an upgrade to the PlayStation Portable and a gradual global rollout of the Qriocity service.
Hirai also denied Sony had purposely held off on releasing information about network problems, a criticism that some have expressed. He said the service was shut down to prevent damage, and that time was needed to find out what had happened and who was responsible.
But Yoh Mikami, a writer specializing in electronic security in Japan, said Sony’s network business had suffered a serious blow as people were seeing its reliability as plunging. He said Sony also waited too long, more than a week, to tell users what had happened. “What became clear today is that Sony didn’t even know its server had a vulnerability,” said Mikami. “Sony’s crisis management came too little, too late.”