According to details from Sony themselves in a letter to congressional subcommittee, Sony was aware that data had been removed from their systems six days before warning customers that accounts had been compromised. All dates and times from Sony's missive to Congress.
April 19, 2011. 4.15pm PDT – Sony Network Entertainment America (SNEA) network team detects unauthorised activity in the network of 130 servers. Specifically, machines were "rebooting when not scheduled to do so". Analysis begins.
April 20, 2011. Early Afternoon – SNEA engineers discover evidence of "unauthorised intrusion" and that data had been removed with PlayStation Network servers. PlayStation Network shut down by engineers, taking 77 million registered PlayStation Network and Qriocity accounts offline. Sony retains service of computer security and forensic consulting firm.
April 21, 2011 – Sony retains services of second computer security and forensic consulting firm.
April 22, 2011 – Nine of 10 compromised servers are mirrored by Sony and security firms. Sony Computer Entertainment America (SCEA) general counsel provides FBI with information about the intrusion. A meeting with the FBI is scheduled for Wednesday, April 27th, 2011.
April 23, 2011. Afternoon – Forensic teams confirm that intruders used "very sophisticated and aggressive techniques to obtain unauthorised access, hide their presence from system administrators, and escalate privileges inside the server."
April 24, 2011. Easter Sunday – Sony retains additional forensic team with "highly specialised skills" to "determine the scope of the data theft".
April 25, 2001 – Teams confirm account details compromised, including name, address, country, email, birthdate, PlayStation Network/Qriocity password, login, handle and network ID, but remain unsure if any of the 12.3 million global credit cards stored on the servers were compromised.
April 26, 2011 – Sony Network Entertainment and Sony Computer Entertainment America provide public notice of the intrusion and alert regulatory authorities in New Jersey, Maryland and New Hampshire.
April 27, 2011 – SCEA alert regulatory authorities in Hawaii, Louisiana, Maine, Massachusetts, Missouri, New York, North Carolina, South Carolina, Virginia and Puerto Rico.
May 3rd, 2011 – Sony Chairman Kaz Hirai sends letter to Congressional Subcommittee on Commerce, Manufacturing, and Trade explaining details of intrusion.