Sony confirmed personal data from over 20 million user accounts on its PlayStation network was stolen in a hacker attack last month, but said it aims to revive the network by the end of May. As AP reported:
• Sony said Tuesday it aims to fully restore its PlayStation Network, shut down after a massive security breach affecting over 100 million online accounts, by the end of May.
Sony also confirmed that personal data from 24.6 million user accounts was stolen in the hacker attack last month. Personal data, including credit card numbers, might have been stolen from another 77 million PlayStation accounts, said Sony Computer Entertainment Inc. spokesman Satoshi Fukuoka.
He said Sony has not received any reports of illegal uses of stolen information, and the company is continuing its probe into the hacker attack. He declined to give details on the investigation.
Sony shut down the PlayStation network, a system that links gamers worldwide in live play, on April 20 after discovering the security breach. The network also allows users to upgrade and download games and other content.
Sony CEO and president Howard Stringer posted an apology for the stolen data and downed network on the company’s blog. As Hayley Tsukayama explained:
• An apology letterfrom Sony CEO and president Howard Stringer was posted on the company’s blog Thursday night. The letter said that while Sony has not heard any confirmed reports of personal or credit card informationbeing misused, it will offer a free identity protection plan to any affected user who registers for the program by June 18.
The Sony program offers identity theft protection for one year from the registration date. It includes cyber monitoring with monthly identity status reports, access to privacy and identity theft specialists and a $1 million theft insurance policy per user. Sony will e-mail users eligible for the program with more details. The program is currently only for U.S. users; Sony is working on offering similar programs worldwide.
Stringer also acknowledged customer complaints over Sony’s decisions to delay notifying customers. “I know some believe we should have notified our customers earlier than we did. It’s a fair question,” Stringer wrote, going on to say that, “...it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken.”
This is the first time Stringer has issued a comment on the breach. Spokesman Patrick Seybold has been issuing most of the company’s announcements, while Sony’s popular second-in-command, Kazuo Hirai, has been the public face of Sony at press conferences.
Sony had previously refused to set a timeline for the full reactivation of the PlayStation Network, but did provide details about the attack which caused the interruption and loss of data. As Hayley Tsukayama reported:
• As for a few more details about the attack, Sony said that the SOE incident was not a new attack, but another similar attack discovered in the course of investigation into the PSN breach. SOE had originally reported that no customer data had been extracted in the attack, then changed its story in a May 2 release.
The division said that the perpetrators used sophisticated techniques to cover their tracks, which is why Sony did not initially know that SOE data had also been stolen.
Both the PSN and SOE have announced “make good” gestures for their customers, offering a month of some services to all members, as well as additional free days for subscribers make up the days lost while the company investigates the breach.
SOE has also outlined the plan to compensate players of its DC Universe Online game — in addition to 30 days of subscription credit and being compensated for days the network is down, players will also get a Batman-inspired mask when the game is up again.
More from The Washington Post
Business: Microsoft buys Skype for $8.5 billion