The network, which serves as an e-commerce and online gaming platform for the PlayStation 3, has been offline for more than a week after Sony discovered an intruder broke through its cyber defenses and into the network. The service remains unavailable and Sony has warned its 77 million subscribers that their personal information may have been leaked, including, potentially, credit card numbers.
A subcommittee of the House of Representatives' Committee on Energy and Commerce sent a letter to Sony on Friday that seeks answers to many of the same questions that Sony's users have about the attack and the company's response.
Chief among those is Sony's apparent slowness in taking the network offline and informing customers. The company said it became aware of an intrusion on April 19 but didn't take the network offline until a day later. It didn't publicly acknowledge an attack until April 22, and only on April 26 did it warn customers their information may have been stolen.
The letter, a copy of which is on the committee's website, also seeks answers to other questions, including whether the account data of all customers was stolen, or just subset; how the breach occurred; and if Sony has identified those responsible.
"Sony's public statements suggest there is no evidence credit card data was taken, but such a scenario cannot be ruled out," the letter says. "Given the amount and nature of the personal information known to have been taken, the potential harm that could be caused if credit card information was also taken would be quite significant."
The letter is addressed to Kaz Hirai, chairman of Sony's U.S. gaming unit. Hirai also heads Sony's global gaming operations.
The subcommittee on Commerce, Manufacturing and Trade expects to introduce legislation on data security later this year and plans to meet May 4 to discuss data theft issues. It is seeking Sony's response as part of those discussions.
Source: IDG
