Sony executives apologize for PlayStation security breach
Data from 10 million credit cards believed to be involved, as well as personal information.
TOKYO -- Sony executives bowed in apology Sunday for a security breach in the company's PlayStation Network that compromised the personal data of some 77 million accounts on the online service.
"We deeply apologize for the inconvenience we have caused,'' said Kazuo Hirai, chief of Sony Corp.'s PlayStation video game unit, who was among the three executives who held their heads low for several seconds at the company's Tokyo headquarters in the traditional style of a Japanese apology.
Hirai said parts of the service would be back this week and that the company would beef up security measures. But he and other executives acknowledged that not enough had been done in security precautions, and promised that the company's network services were under a basic review to prevent a recurrence.
Hirai said the FBI and other authorities had been contacted to start an investigation into what the company called "a criminal cyber attack'' on Sony's data centre in San Diego, Calif.
Sony said account information, including names, birth dates, email addresses and log-in information, was compromised for players using its PlayStation Network. Hirai asked all users to change their passwords.
Hirai reiterated what the company said last week -- that even though it had no direct evidence the data were even taken, it cannot rule out the possibility.
He said data from 10 million credit cards were believed to be involved, and that Sony still does not know whether information was stolen.
Sony has added software monitoring and enhanced data protection and encryption as new security measures, he said. The company said it would offer ""welcome back'' freebies such as complimentary downloads and 30 days of free service around the world to show remorse and appreciation.
"I see my work as first making sure Sony can regain the trust from our users,'' Hirai said.
The network, which serves both the PlayStation video game machines and Sony's Qriocity movie and music services, has been shut down since April 20. It is a system that links gamers worldwide in live play, and also allows users to upgrade and download games and other content.
Hirai said Sony suspected it was under attack by hackers starting April 17.
According to Sony, of the 77 million PlayStation Network accounts, about 36 million are in the U.S. and elsewhere in the Americas, while 32 million are in Europe and 9 million in Asia, mostly in Japan.
Pressure is mounting on Sony to restore services and compensate players.
U.S. lawmakers have sent a letter to Hirai demanding answers by May 6 about the security breach and Sony's response.
Hirai said he had read the online version of the letter and would answer the questions as soon as possible.
Last month, U.S. lawyers filed a lawsuit against Sony on behalf of lead plaintiff Kristopher Johns for negligent protection of personal data and failure to inform players in a timely fashion that their credit card information may have been stolen. The lawsuit seeks class-action status.
Hirai said the network problems would not hurt or delay Sony's product plans, including a tablet device that looks like Apple's iPad, an upgrade to the PlayStation Portable and a gradual global rollout of the Qriocity service.
Hirai also denied Sony had purposely held off on releasing information about network problems, a criticism that some have expressed.
He said the service was shut down to prevent damage, and that time was needed to find out what had happened and who was responsible.
But Yoh Mikami, a writer specializing in electronic security in Japan, said Sony's network business had suffered a serious blow as people were seeing its reliability as plunging. He said Sony also waited too long, more than a week, to tell users what had happened.
"What became clear today is that Sony didn't even know its server had a vulnerability,'' said Mikami. "Sony's crisis management came too little, too late.''