In this morning's news conference, Sony Computer Entertainment head Kazuo Hirai said the company would consider covering costs associated with reissuing credit cards to PlayStation Network subscribers who feel their accounts have been compromised by the massive data breach of April 20.
Hirai, noting that there have been no confirmed incidents in which fraud was committed with a credit card number stolen from the PSN breach, said the company has asked the FBI for a criminal investigation of the matter.
While there are 77 million accounts in the PlayStation Network, some are are held by the same household or person. Hirai said the owners of 10 million PSN accounts have been notified that their credit card information may have been compromised. However, the three-digit CVV number on the back of the card, required for purchases over the Internet, was definitely not compromised.
The replacement of a lost or stolen credit card is typically done for a customer for free, but to banks there is a cost of printing, processing and mailing the cards, plus a cost of lost business while the customer waits for a new one. Earlier in the week, news reports pegged the transactional costs of card replacement at between $US3 and $US5 per card. It's unclear who Sony would compensate, if it does, or if enough cardholders will ditch their cards to make it an issue that banks complain about to Sony.
Also in comments at this morning's news conference in Japan:
• Hirai apologized to Sony customers. "We would like to extend our apologies ... because potentially compromised their customer data," Hirai said, according to Gamasutra. "We offer our sincerest apologies."
• Hirai called out Anonymous by name. While he did not accuse the leaderless hacktivist collective of being behind this breach, Hirai noted past attacks for which Anonymous hackers did claim responsibility, including the publshing of personal information about Sony's top management, including information about their children.
• Hirai answered why Sony did not inform its users about the breach sooner. He said Sony shut down the network to prevent any further damage, then hired three companies to analyse the network. The size of the analysis and the gradual nature of the investigation, plus the time it took to wind down PSN to be ready for that examination, accounts for the delay, Hirai said.
• Hirai noted that. in light of the attack on Sony's San Diego data centre, those operations are being moved to a new, undisclosed location. He also promised enhanced security to defend against any new attacks.