The Washington Post

Cyber attack was large-scale, Sony says

In a letter to a House panel looking into data breaches on Wednesday, Sony said that it is the victim of a large, sophisticated cyber attack.

Sony executive Kazuo Hirai said the company believes it has identified the cause of the first attack, though not who is behind it. He said the firm found evidence that Anonymous, the loosely organized hacker group that has targeted the company in the past, is responsible for the attacks. The group has publicly denied involvement.

Hirai said in the letter responding to inquiries from a House Commerce subcommittee that intruders had planted a file on Sony’s hacked servers “named ‘Anonymous’ with the words ‘We Are Legion,’” a reference to the group’s motto.

“Whether those who participated in the denial of service attacks were conspirators of whether they were simply duped into providing cover for a very clever thief, we may never know,” Hirai wrote.

Sony declined an invitation to attend the hearing.

On April 26, Sony announced that hackers had broken into its PlayStation and Qriocity networks April 17-19 and may have released the personal and billing information of up to 77 million people.

On Monday, Sony reported a second security breach by hackers, who may have stolen personal information of about 24.6 million users on its Sony Online Entertainment site. The company has shut down the Web site.

At the Wednesday hearing, subcommittee members had harsh words for Sony. Rep. Mary Bono Mack (R-Calif.), the subcommittee chair, said that Sony should have informed its consumers of the first security breach earlier and that its efforts were “half-hearted, half-baked.” She was particularly critical of Sony’s decision to first notify customers of the attack via its company blog,leaving it up to customers to search for information on the breach. Hirai wrote that the company waited a week to notify customers because it took that long to get complete information on the attack.

In the letter, the company restated that it has had no confirmed reports of credit card fraud related to the breach. And the letter detailed the “Welcome Back” program Sony is launching to make amends with customers.

Sony will provide all PlayStation Network users with complimentary identity theft protection, 30 days of its PlayStation Plus premium service and 30 days of free service for Music Unlimited subscribers. The company is also giving PlayStation Plus and Music Unlimited subscribers one free day for each day the service is down.

It’s offering a similar deal to Sony Online Entertainment customers. The letter did not provide new information on the attack announced on Monday.

Related stories:

Sony online division shuts down site

Sony got hacked; what should I do?

Sony: Attackers may have obtained profile, payment information

Hayley Tsukayama covers consumer technology for The Washington Post.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Videos curated for you.
Play Videos
How to make Sean Brock's 'Heritage' cornbread
New limbs for Pakistani soldiers
The signature dish of Charleston, S.C.
Play Videos
Why seasonal allergies make you miserable
John Lewis, 'Marv the Barb' and the politics of barber shops
What you need to know about filming the police
Play Videos
The Post taste tests Pizza Hut's new hot dog pizza
5 tips for using your thermostat
Michael Bolton's cinematic serenade to Detroit
Play Videos
Full disclosure: 3 bedrooms, 2 baths, 1 ghoul
Pandas, from birth to milk to mom
The signature drink of New Orleans