Sony Didn't Know Severity Of PS3 Breach Until Monday

While Sony discovered that hackers had broken into their PlayStation Network on April 19, it wasn't until nearly a week later that the company understood the full scope of the breach, a Sony official tells Kotaku.

The company learned that customer data was stolen on Monday, only after an outside security firm conducted days of forensic analysis, Sony said.

US Senator Richard Blumenthal publicly questioned today Sony's failure to "immediately notify affected customers of the breach and to extend adequate financial data security protections".

The letter, written to Sony Computer Entertainment of America president Jack Tretton, echoes the concerns of Playstation Network members who have been increasingly bothered by the lack of information from Sony.

Speaking to Kotaku tonight, SCEA spokesman Patrick Seybold said the company alerted customers as soon as they were able.

"There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised," Seybold said. "We learned there was an intrusion April 19th and subsequently shut the services down.

"We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon."

About 4pm EST (6am AEST) on Tuesday, Sony started notifying their PlayStation Network members that private data including names, addresses and perhaps passwords were stolen from Sony's database. The company doesn't believe credit card data was stolen, but isn't positive it is secure.


Comments

    I'm calling BS and a cover up on this one. They SHOULD have informed users on the 19th that they were shutting things down due to a possible breach of security and to defend personal information of the users.

    At this stage user are more upset of the lack of information, and especially when this type of information should have been out there ASAP, not a week later under a "we didn't know" cover up

    So it was nearly a week since noticing the intrusion but only a day after being notified by the contracted security company, so I should feel better about that?

    Why hasn't Jack Tretton stepped down yet? Or is he going to wait another week before telling us that too?

    I agree with the cover up call.

    I think they were trying to leave it as long as they could without admitting there had been a breach in security.

    'Nah, maybe it wasn't a breach, check again. Should we tell them? Ummm.... nah, just give it a bit longer.'

    I'm OK with the network being pulled down for legitimate reasons, but I'm not OK with not being told why for nigh on a week. Same principle applies for just about anything - I don't care how long it takes (within reason) just tell me what's going on.

    I was amused, however at the response from some people. 'Oh my God, I just spent 3 hours restarting my modem and PS3 - PSN still doesn't work!' /wrists *fetal position*

    'If it doesn't come back up soon, I'm going to buy an Xbox 360!'

      i garuntee this isn't the first time this has happened with people's data on any platform and they didn't inform anyone until they were 80% sure what had happened.

      If you run out everytime someone attacks your network saying oh all your data is gone when it might not be your gonna go down the toilet alot faster than being cautious

    Yes all company's with possible security breaches should immediately tell you all your data and credit card was maybe stolen! Hey LIVE customers you data was maybe stolen! Hey everyone with a Tax File Number - your information was maybe stolen!

    ill take it at face value that an external firm took a week to completely access the information and if they are accurate then it was your name, username, address and possibly PSN password stolen. So change your PSN password and hope that someone else knowing your name and address doesn't hurt too much.

    They wernt confidnt to inform people there might be a breach of personal infomating.

    Lets take a look at what they were confident in doing. they were confident in taking the entire PSN down, with no time frame or warning with major incontinence to many of there partners(game developers) and damaging their reputation with there customers and losing money in sales, was the best course of action to minimise damage.
    yet they were not confident enough to issue a warning to there customers that there information might be compromised and they should take appropriate action.

    Either they are bullshitting or complete and utter morons.

      Personal informating! Major incontinence!

      In all seriousness, I hate doing anything on the internet related to my bank accounts. Bloody hate it. But, y'know, it's the cheapest way to get things. That's why I always just buy the cards with the codes in.

      Unfortunately I occasionally buy them from online stores, thus negating the actual security itself...

      I thought that Sony took PSN down because of an "external intrusion". Doesn't that imply security breach anyway?

    I still have not received any threat or breach notice from PS3, I am totally ticked that the upper management meaning CEO,COO, VP, or Marketing Executive have not contacted their clients. I feel we need to SUE PS3 for lack of security , lack of acknowledgement and for taking away our choices of OS to use with PS3 that is why I purchased the PS3 in the first place and then 2 years later they took away my right. PISSED OFF people lets SUE the CEO and upper EXECUTIVES NOW

      So what your saying is that I should sue i should sue the police because my car got broken into or that i should sue mcdonalds because they don't sell mega macs anymore...

    So...
    I know this is kind of off topic, but:

    What's up with the picture? I love pancakes too, but really, Playstation, I wouldn't agree with your choice of image in this context.

    What? They need a full appraisal to announce the possibility that people's credit cards are compromised? Fuck off! If it even smells like it then they should announce it immediately.

    What happens if I watch a friend murder someone but don't go to the police for a week? I think there needs to be an inquiry into why it took a whole fucking week.

    I'll bet they held off as long as they could because they knew it would deep-six their stock price. More loyalty to shareholders than common decency.

    PENIS! THAT IS ALL!

    well thanks a hell of alot there sony i just found out my credit card and personal info has been breached and you had the gull to say it was a system shutdown and now guess what i have already had my credit card company call me telling me there has been 4 attempts to get info on it and used so thanks alot for screwing me and all the others on this crap game system and at this point i have sold that piece of crap and bought a xbox and will be joining the class action suite against you i wasted a ton of cash buying this junk box and downloading games and trusted you to keep my personal info safe come to find out you lied and tryed to hide the fact there was a breach and now you think im going to trust anything you say or do i think not you are a scum bag company who lied to all of us just to try to keep your name clean well it made it worse than ever i have sold mine and i have around 8 other friends who are doing the same thing and now going to xbox i sold mine and have taken a big loss on this as this was my kids christmas gift and spent well over 200+ on downloadable games,mappacs and disks and got not even half doe the crappy system exspecially now no one wants to pay crap for them since this has happened they do not trust you and pawn shops where i stay will not even touch them now so thanks for screwing me and exspecially my kids you guys are lower than low to hide the fact of the breach you should have let us all know as soon as you knew so we could keep our identity safe and personal info and credit card info but now i am getting valls and emails asking for personal info like my ss number or the one i like the best is one from supposedly you guys asking me to update my info or my account will be suspended and to give my crdit card info to reactivate my account and no i did not fall for it but i did get warnings from my credit card that they have been hit 3 times from someone in the uk trying to get my info and have a new card sent to them in the uk so thanks a hell of alot for screwing me up and now more of a headache to worry about trying to protect my ass and personal info and as soon as that suite comes out i will have no prob sighning up for it and not happy i lost out so much cash selling this junk box i paid a arm and a leg for and i will never ever buy another sony product or ps3 ever again i dont care how cool they are or if you fix the problem i now can not trust this company and will not chance haveing to go thru this bs again my son was heartbroken as he loved his ps3 so you can exsplain to him why i had to get rid of the damn thing and let him know its due to your neglect in keeping us informed on a breach and see if he will understand i dougbt it and this just shows me you do not care about anything but your bottom line and your rep screw the people who got you there by buying this junk first they yylod then they get a breach i have had it with sony i would not buy another sony made item as long as i live no psp,ps3 ,tv or anything else that has the sony name on it .worst customer service i have ever exsperianced kept me on hold 2 hrs when i was calling to find out what the hell to do you left me hanging for 2 damn hrs on the phone and never called back as your so called rep promised they would you guys suck major and i regret ever buying a ps3.

Join the discussion!

Trending Stories Right Now