New York Attorney General Eric Schneiderman has issued a subpoena to three divisions of Sony asking for more information on how it protects customer data, The New York Times reported Thursday.

Sony announced on April 26 that a breach of its PlayStation Network had compromised millions of customers’ personal information, and the company cautioned that credit card information may have been stolen. On May 2, Sony Online Entertainment announced that credit card data had been stolen from its servers as part of a cyber attack.

In an e-mailed statement responding to the subpoena of Sony Computer Entertainment, Sony Network Entertainment and Sony Online Entertainment, spokesman Patrick Seybold said, “We will review and respond to this request, and will continue to work with law enforcement authorities as they investigate the criminal attack on our networks.”

The company has faced tough scrutiny from lawmakers and law enforcement officials who have demanded more information about the breaches and about why Sony waited until a week after the April breach to notify customers the personal data was stolen.

In a letter to a House Commerce subcommittee, Sony’s second-in-command, Kazuo Hirai said that the company wanted more complete information before announcing the breach to consumers.

Rep. Mary Bono Mack (R-Calif.), who chairs the committee, said in a hearing on data breaches yesterday that Sony’s efforts were “half-hearted, half-baked.” Sony declined to testify at that hearing, opting instead to send a written response to the subcommittee’s questions.

Related stories:

Anonymous denies breaching Sony servers, again

Sony Online Entertainment details attack, but no timeline for service restoration

Cyber attack was large-scale, Sony says