Sony apologizes for breach, boosts security

TOKYO—Sony on Sunday apologized for a security breach that compromised millions of users, and said it could not rule out the possibility that credit card information was stolen.

Sony executives bowed in apology and said the company would begin restoring its shut-down PlayStation Network and Qriocity online services in the next week as it moved to improve security after the breach hit 77 million accounts.

“This criminal act against our network had a significant impact not only on our consumers, but our entire industry,” said Sony executive deputy president Kazuo Hirai.

“These illegal attacks obviously highlight the widespread problem with cyber security. We take the security of our consumers’ information very seriously and are committed to helping our consumers protect their personal data.”

The electronics giant held an unusual Sunday news conference on the breach, which was feared to have involved the theft of details on 10 million registered credit cards and which Hirai said was carried out “by a skilled intruder”.

“We do not have clear evidence but we also cannot rule out the possibility of credit card data theft,” Hirai told reporters on Sunday. “We have to regain the trust and confidence of our users.”

The breach is a blow for Sony as it focuses on pushing its content such as games and music through hardware platforms such as game consoles, smartphones and tablet computers amid competition from Apple’s iTunes and App store.

The Playstation Network system was launched in 2006 allowing gamers to compete online, stream movies and access other services via the Internet.

Along with the Qriocity streaming music service, it was shut down on April 20 following the breach and has remained offline as the company upgrades security and works with US Federal Bureau of Investigation.

The United States, Britain, Australia and Hong Kong are investigating the theft of personal data which Sony says includes names, gender, addresses, email addresses, birthdays and login passwords for the PlayStation network and Qriocity networks.

By way of compensation, Sony said it would offer customers free downloads and 30 days free premium membership periods for eligible customers. It added it would “support” the process of reissuing customers with new credit cards.

Users have been asked to change their passwords, and are recommended by Sony to “review account statements and to monitor credit card purchase history to protect against possible identity theft or other financial loss”.

Sony added it would also create a new security officer position, boost monitoring to help defend against any new attacks, and offer enhanced levels of data protection and encryption.

The company said it discovered the breach between April 17 and 19 and shut down the network on April 20, but has faced criticism for not disclosing it until a week later.

Sony is being sued in a US court by gamers who have accused it of being negligent and breaching its contracts with PlayStation Network users.

Analysts say Sony, already reeling from the impact on production of Japan’s March 11 earthquake, faces costs in beefing up security and compensating consumers. Its shares fell more than eight percent in Tokyo trade last week.

The breach is also the latest test for Hirai, a longtime executive credited with expanding the firm’s PlayStation Network system.

The day after Hirai was named as the frontrunner to succeed CEO Howard Stringer, Japan was hit by the 9.0 magnitude quake and tsunami, forcing Sony to shut some plants due to supply problems.

Hirai on Sunday said Sony could not yet say how the security breach will impact on its financial performance, but stressed that the “network strategy is one of Sony’s most important initiatives”.

Read more...