The Indianpost

U.S. Officials Quiz Sony on Data Theft

Two U.S. Congress members are asking Sony Corp. to explain its handling of the recently disclosed data breach involving its PlayStation Network, one of the largest data thefts ever.
On Friday, Rep. Mary Bono Mack (R., Calif.) and Rep. G.K. Butterfield (D., N.C.), members of a Congressional subcommittee on commerce, manufacturing and trade, asked Kazuo Hirai, the head of Sony’s videogames division, to address their concerns.

The letter asked when Sony first learned of the recent breach, why it waited days to notify its customers, and how Sony intends to prevent further breaches in the future.

A spokesman for Sony didn’t respond to a request for comment on the letter.
Sony has said the breach occurred earlier this month and resulted in the loss of names, addresses and possibly credit card numbers associated with 77 million accounts on its online game network.

While Sony and law enforcement officials haven’t addressed whether they have any suspects in the intrusion, one prominent target of a past Sony legal attack over a hacking incident denied any involvement in the data theft.

Sony Faces Suits Over PlayStation BreachOn his personal blog, George Hotz, a programmer who was sued by Sony in January after cracking the PlayStation 3 videogame console to let it run homemade software, said: “to anyone who thinks I was involved in any way with this, I’m not crazy, and would prefer to not have the FBI knocking on my door.”

Mr. Hotz settled his case with Sony, but the lawsuit inflamed supporters of his in the hacker community, including a loosely-affiliated group called Anonymous, who previously said they organized attacks on the company’s online properties. Anonymous has also denied involvement in the latest attack on Sony’s network.

A Sony spokesman said there is no evidence Mr. Hotz “had any involvement” in the data theft. “We are working closely with law enforcement agencies, including the FBI, to conduct a thorough investigation and find those responsible for this criminal act,” the spokesman said.

Security researchers said they were tracking claims in Internet discussion forums from people attempting to sell credit card numbers allegedly stolen during the intrusion into Sony’s online game network, though their claims couldn’t be verified.

Kevin Stevens, a security researcher for Trend Micro Inc., published messages on Twitter on Thursday saying that hackers involved in the Sony intrusion are trying to sell the stolen data, including 2.2 million credit cards.

Sony has said it has no evidence customer credit card numbers were stolen, but couldn’t rule out that they had. Mr. Stevens couldn’t be reached for comment. The San Diego office of the Federal Bureau of Investigation, which is looking into the intrusion, didn’t respond to requests for comment.

Officials in states that have laws requiring businesses to notify them of data theft involving their residents have taken notice. Among the 77 million global accounts compromised by the intrusion, more than 780,000 residents of North Carolina were affected, that state’s attorney general said Friday.

A spokesman for attorney general Kamala Harris of California, which also has a data theft notification law, couldn’t confirm the office had been informed how many state residents were affected by the data breach, but is “monitoring the situation.”

Sony hasn’t said what the financial impact from the data intrusion will be.
Larry Ponemon, founder of a firm called the Ponemon Institute that analyzes the costs of data breaches, estimated it could run as much as $1.5 billion, including everything from Sony’s own forensic investigation, to the diversion of Sony personnel from their regular responsibilities to the cost of making amends to customers with free offerings.

Comments are closed

Photo Gallery

Log in | Designed by Connect Pacifica