Sony's letter to the House Subcommittee on Commerce, Manufacturing, and Trade contains new details about the ongoing PSN investigation.
The U.S. House of Representatives had a few questions for Sony after the recent PSN security breach, and the company has responded with an eight-page letter that addresses the Congressional concerns. For the most part, the missive isn’t particularly exciting. Sony boss Kaz Hirai once again says that Sony was the target of a sophisticated criminal attack and that they’ve been working with multiple forensics teams in order to investigate they breach.
The juiciest tidbit is that Sony appears to have evidence that implicates the Anonymous hacker collective in the attack. Hirai explains that a file titled “Anonymous” with the “We are Legion” slogan was planted on the Sony Online Entertainment servers during the attack, and notes that the breach took place shortly after threats were made “against both Sony and its executives in retaliation for enforcing intellectual property rights in U.S. Federal Court.”
Anonymous was behind a recent denial of service attack on the PSN, although they have since called off the assault and denied any involvement in the PSN fiasco. However, Anonymous is a loosely organized collective that doesn’t necessarily operate in unison, so a splinter group could be responsible for the massive security violation.
Hirai goes on to reveal that Sony reported the intrusion to the FBI as early as April 22nd, and he addresses the delay between the discovery of the breach and the company’s public statement on April 26th.
“I am of course aware of the criticism Sony has received for the time taken to disclose information to our customers,” writes Hirai. “I hope you can appreciate the extraordinary nature of the events the company was facing.”
"Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence,” he continues.
Sony says that there is still no evidence to show that credit card data has been compromised, and Hirai adds that only 12.3 million account holders (out of a total of 77 million) had credit card information stored on Sony servers. Moving forward, Sony plans to increase security with enhanced firewalls, detection systems, encryption, and a new database at an undisclosed location. Sony will also appoint a new Chief Information Security Officer.