Earlier today, the U.S. House of Representatives held a hearing on “The Threat of Data Theft to American Consumers”, with one of the key companies under focus being Sony due to the massive data breach they suffered on the PlayStation Network and Sony Online Entertainment servers. After the House sent Sony a list of questions that they wanted answered, the beleaguered corporation has published their detailed response.
The Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce recieved a response from Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, who submitted written answers to questions posed by the subcommittee.
The PS Blog summarised the answers, saying that they followed four key principles:
- Act with care and caution.
- Provide relevant information to the public when it has been verified.
- Take responsibility for our obligations to our customers.
- Work with law enforcement authorities.
Other key points highlighted include:
- Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
- Sony discovered that the intruders had planted a file on one of Sony Online Entertainment’s servers named “Anonymous” with the words “We are Legion.”
- By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, Sony notified customers of those facts.
- As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
- Protecting individuals’ personal data is their highest priority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
- Sony are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.
Additionally, Sony’s Flickr account published the entire 8 page letter:
Do you think Sony’s answers were sufficient? Share your thought below.