Sony Corp. this week responded to questions posed by the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce regarding the attack of the Playstation Network division.
Kazuo Hirai, Chairman of the Board of Directors of Sony’s U.S. game division told the subcommittee that it was a victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
The company discovered the hackers planted a file on one of the Sony Online Entertainment servers named ‘Anonymous’ with the words ‘We are Legion’.
Forensics teams confirmed the scope of the data breached on Apr. 25 an the company informed the public on Apr. 26.
It added that major credit card companies have not reported fraudulent transactions as a result of the attack.
It concluded that it is taking steps to prevent future attacks, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location; and the naming of a new Chief Information Security Officer.
The company also admitted that servers of the Sony Online Entertainment division had been hacked May 1st and was previously undetected.
Sony this month said PSN will be stored in phases beginning this week.
The restoration will include online gaming across the PS3 and PSP, access to Music Unlimited at Qriocity, Access to Account Management and Password Reset, Access to download movie rentals, Playstation Home, Friends List and Chat functionality.
User game information, including Trophies, Download History, Friends List, Settings, PS+ cloud will all be intact when the service is restored.
To prevent future network attacks, the company it has employed new security measures, including automated software and configuration management, enhanced data protection and encryption, enhanced ability to detect intrusions or unusual activity patterns, and implementation of additional firewalls.
Sony previously said PSN user account information, including username, password, and credit card data may have been compromised as a result of an illegal intrusion to the network.
Sony said it will issue a ‘Welcome Back’ program for the PSN and Qriocity to compensate users for their patience during downtime of the service.
Each territory will receive select free premium download content, free 30-day membership to Playstation Plus, a free month of Playstation Plus to existing subscribers, and a free month of Qriocity to existing subscribers.
The company is working with an outside security firm to conduct a full investigation and is rebuilding the system to protect user information.
A total of 77 million PSN users may have been affected.
The PSN has been out of service since Apr. 20.
It previously incurred a service outage Apr. 9.