Sony executives on Sunday apologised to millions of online gamers following the breach of its network by hackers and outlined proposals to overhaul the company’s security systems.
The Japanese corporation also revealed that 10m users had used their credit cards on the PlayStation Network online gaming platform, to purchase games and other downloadable content such as music and films, but tried to reassure its mainly US members by saying the chances that card data had been accessed was low.
Kazuo Hirai, head of the Japanese group’s networked products division, which includes the PlayStation franchise, said he was “deeply sorry for the great anxiety and trouble” inflicted on the network’s 77m users, whose names, e-mail addresses, passwords and other personal information were exposed to an unknown hacker.
The apology follows demands on Friday from members of the US Congress that Sony explain when it knew of the breach, which forced it to shut down large parts of the US-based online gaming network, and why they took several days to notify customers.
Sony said it remained unclear exactly how much if any data had been copied by the hacker before the shutdown, but repeated that there was no evidence that customers’ credit card information had been obtained.
Shinji Hasejima, the company’s chief information officer, said card data were kept in a separate, more secure part of Sony’s database. “We think the chances that credit card data were taken are low,” he said.
The company unveiled a series of measures to reduce the risk of further security breaches of the network and Mr Hirai promised to restore many of the functions on the online gaming platform by the end of this week. The company said it planned to move PSN customer data to a new and more secure data centre.
It also plans to create a chief information security officer position to oversee data protection, and to add new firewalls, encryption and monitoring systems to its existing servers.
Sony confirmed the US Federal Bureau of Investigation had begun a criminal probe into the cyberattack. Mr Hasejima said Sony’s initial investigation had determined that the hacker had penetrated its security through a weakness in the PSN’s application server, an intermediate data server between the open, public internet and Sony’s private data server.
Mr Hirai, who has been identified as the likely successor to president Sir Howard Stringer, added it was too early to estimate the financial impact for Sony of the breach – costs will include lost sales, possible compensation and security improvements. One lawsuit has already been filed by users in the US, which has the highest number of PSN account holders at 31m.
Separately, Amazon issued an apology and explanation for the outage of its web services that last week took down several high profile sites.
Additional reporting by David Gelles in New York and Joseph Menn in San Francisco