Rob Hull
Rob HullAs many of you know by now, there have been a few problems as of late with Sony’s Playstation Network and Qriocity Systems. What happened and when will it be fixed? Read on for the full story.
It all began on April 20th, when Playstation Network uses noticed some of the features didn’t work. On the same day, Sony posted the Following message on the Playstation Blog.
Update on PSN Service Outages
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
We’re aware certain functions of PlayStation Network are down. We will report back here as soon as we can with more information.
Thank you for your patience.
And so, the waiting began. With no real certainty as to what had happened or why the service was down. Daily updates began as the outage continued.
This appeared on the 21st
Latest Update on PSN Outage
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
While we are investigating the cause of the Network outage, we wanted to alert you that it may be a full day or two before we’re able to get the service completely back up and running. Thank you very much for your patience while we work to resolve this matter. Please stay tuned to this space for more details, and we’ll update you again as soon as we can.
Then this appeared on the 22nd, finally giving some information, but the full story was still not being told.
Update On PlayStation Network/Qriocity Services
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th. Providing quality entertainment services to our customers and partners is our utmost priority. We are doing all we can to resolve this situation quickly, and we once again thank you for your patience. We will continue to update you promptly as we have additional information to share.
Daily updates continued. This came on the 23rd.
Latest Update for PSN/Qriocity Services
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
We sincerely regret that PlayStation Network and Qriocity services have been suspended, and we are working around the clock to bring them both back online. Our efforts to resolve this matter involve re-building our system to further strengthen our network infrastructure. Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security.
We thank you for your patience to date and ask for a little more while we move towards completion of this project. We will continue to give you updates as they become available.
On the 25th of April, this update was posted
PSN Update
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
I know you are waiting for additional information on when PlayStation Network and Qriocity services will be online. Unfortunately, I don’t have an update or timeframe to share at this point in time.
As we previously noted, this is a time intensive process and we’re working to get them back online quickly. We’ll keep you updated with information as it becomes available. We once again thank you for your patience.
Then, finally on April 26, an email went out to every user of the Playstation Network and Qriocity, and the full story came out at last. The email text was posted. It is as follows.
Update on PlayStation Network and Qriocity
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.
We’re working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.
Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
- Temporarily turned off PlayStation Network and Qriocity services;
- Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
- Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:
U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228 begin_of_the_skype_highlighting (877) 322-8228 end_of_the_skype_highlighting .
We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.
Experian: begin_of_the_skype_highlighting 888-397-3742 begin_of_the_skype_highlighting 888-397-3742 end_of_the_skype_highlighting end_of_the_skype_highlighting888-397-3742 ; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: begin_of_the_skype_highlighting 800-525-6285 begin_of_the_skype_highlighting 800-525-6285 end_of_the_skype_highlighting end_of_the_skype_highlighting800-525-6285 ; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: begin_of_the_skype_highlighting 800-680-7289 begin_of_the_skype_highlighting 800-680-7289 end_of_the_skype_highlighting end_of_the_skype_highlighting800-680-7289 ; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at begin_of_the_skype_highlighting 1-877-382-4357 end_of_the_skype_highlighting1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone begin_of_the_skype_highlighting (877) 566-7226 begin_of_the_skype_highlighting (877) 566-7226 end_of_the_skype_highlighting end_of_the_skype_highlighting(877) 566-7226 ; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: begin_of_the_skype_highlighting (888) 743-0023 begin_of_the_skype_highlighting (888) 743-0023 end_of_the_skype_highlighting end_of_the_skype_highlighting(888) 743-0023 ; or www.oag.state.md.us.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 begin_of_the_skype_highlighting 1-800-345-7669 end_of_the_skype_highlighting should you have any additional questions.
Sincerely,
Sony Computer Entertainment and Sony Network Entertainment
Well, to say this email made people nervous would be a massive understatement. After this message came out, a foloow-up message adding clarification was posted.
Clarifying a Few PSN Points
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
I wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.
There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.
For those who were looking there’s also an FAQ with some more frequently asked questions
Thank you for your continued patience and support.
On the 27th and the 28th, A 2 part Q&A were posted by Sony
Q&A #1 for PlayStation Network and Qriocity Services
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
First off, we want to again thank you for your patience. We know that the PlayStation Network and Qriocity outage has been frustrating for you. We know you are upset, and so we are taking steps to make our services safer and more secure than ever before. We sincerely regret any inconvenience or concern this outage has caused, and rest assured that we’re going to get the services back online as quickly as we can.
We received a number of questions and comments yesterday and early today relating to the criminal intrusion into our network. We’d like to address some of the most common questions today.
We are also going to continue to post updates to this blog with any additional information and insight that we can over the next few days.
We are reading your comments. We are listening to your suggestions. Please keep them coming.
Thank you.
Q: Are you working with law enforcement on this matter?
A: Yes, we are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.UPDATE: While we do ask for CSC codes, we do not store them in our database.Q: What steps should I take at this point to help protect my personal data?
A: For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.Q: What if I don’t know which credit card I’ve got attached to my PlayStation Network account?
A: If you’ve added funds to your PlayStation Network wallet in the past, you should have received a confirmation email from “DoNotReply@ac.playstation.net” at the email address associated with your account. This email would have been sent to you immediately after you added the funds, and will contain the first 4 digits and last 4 digits of your credit card number. You can also check your previous credit card statements to determine which card was attached to your PlayStation Network or Qriocity accounts.Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.Q: Have all PlayStation Network and Qriocity users been notified of the situation?
A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday. At this time, the majority of emails have been sent and we anticipate that all registered accounts will have received notifications by April 28th. Consumers may also visit www.us.playstation.com/support and www.qriocity.com for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed.Q: What steps is Sony taking to protect my personal data in the future?
A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.Q: Has Sony identified the party or parties responsible for the PlayStation Network hack and subsequent theft of personal information?
A: We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located.Q: When will the PlayStation Network and Qriocity be back online?
A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.
Q&A #2 for PlayStation Network and Qriocity Services
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
Yesterday, we addressed a number of your questions relating to the malicious intrusion into our network. You can find that FAQ here. As we get closer to restoration of service, here are more answers to your questions, many of which are more gaming related:
Q: Will our download history/friends list/settings be affected by the PSN downtime?
A: No, they will not.Q: Will trophies that were earned in single-player offline games during the outage be intact when the service resumes?
A: These trophies are intact and will be re-synched when the network is once again operational.Q: Will my PS+ cloud saves be retrievable?
A: Yes, once PSN is restored.Q: What if we have a subscription to PS3 MMOs DC Universe Online or Free Realms? Will we get compensation for that?
A: From Sony Online Entertainment: “We apologize for any inconvenience players may have experienced as a result of the recent service interruption. As a global leader in online gaming, SOE is committed to delivering stable and entertaining games for players of all ages. To thank players for their patience, we will be hosting special events across our game portfolio. We are also working on a “make good” plan for players of the PS3 versions of DC Universe Online and Free Realms. Details will be available soon on the individual game websites and forums.”Q: Will there be a goodwill gesture for the time we haven’t been able to utilize PSN/Qriocity?
A: We are currently evaluating ways to show appreciation for your extraordinary patience as we work to get these services back online.
April 30th brought the first news of service restoration, via this update
Press Release: Some PlayStation Network and Qriocity Services to be Available This Week
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
SOME PLAYSTATION®NETWORK AND QRIOCITY™ SERVICES TO BE AVAILABLE THIS WEEK
Phased Global Rollout of Services to Begin Regionally;
System Security Enhanced to Provide Greater Protection of Personal Information
Tokyo, May 1, 2011 – Sony Computer Entertainment (SCE) and Sony Network Entertainment International (SNEI, the company) announced they will shortly begin a phased restoration by region of PlayStation®Network and Qriocity™ services, beginning with gaming, music and video services to be turned on. The company also announced both a series of immediate steps to enhance security across the network and a new customer appreciation program to thank its customers for their patience and loyalty.
Following a criminal cyber-attack on the company’s data-center located in San Diego, California, U.S.A., SNEI quickly turned off the PlayStation Network and Qriocity services, engaged multiple expert information security firms over the course of several days and conducted an extensive audit of the system. Since then, the company has implemented a variety of new security measures to provide greater protection of personal information. SNEI and its third-party experts have conducted extensive tests to verify the security strength of the PlayStation Network and Qriocity services. With these measures in place, SCE and SNEI plan to start a phased rollout by region of the services shortly. The initial phase of the rollout will include, but is not limited to, the following:
- Restoration of Online game-play across the PlayStation®3 (PS3) and PSP® (PlayStation®Portable) systems
-This includes titles requiring online verification and downloaded games - Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers
- Access to account management and password reset
- Access to download un-expired Movie Rentals on PS3, PSP and MediaGo
- PlayStation®Home
- Friends List
- Chat Functionality
Working closely with several outside security firms, the company has implemented significant security measures to further detect unauthorized activity and provide consumers with greater protection of their personal information. The company is also creating the position of Chief Information Security Officer, directly reporting to Shinji Hasejima, Chief Information Officer of Sony Corporation, to add a new position of expertise in and accountability for customer data protection and supplement existing information security personnel. The new security measures implemented include, but are not limited to, the following:
- Added automated software monitoring and configuration management to help defend against new attacks
- Enhanced levels of data protection and encryption
- Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
- Implementation of additional firewalls
The company also expedited an already planned move of the system to a new data center in a different location that has been under construction and development for several months. In addition, PS3 will have a forced system software update that will require all registered PlayStation Network users to change their account passwords before being able to sign into the service. As an added layer of security, that password can only be changed on the same PS3 in which that account was activated, or through validated email confirmation, a critical step to help further protect customer data.
The company is conducting a thorough and on-going investigation and working with law enforcement to track down and prosecute those responsible for the illegal intrusion.
“This criminal act against our network had a significant impact not only on our consumers, but our entire industry. These illegal attacks obviously highlight the widespread problem with cyber-security. We take the security of our consumers’ information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks,” said Kazuo Hirai, Executive Deputy President, Sony Corporation. “Our global audience of PlayStation Network and Qriocity consumers was disrupted. We have learned lessons along the way about the valued relationship with our consumers, and to that end, we will be launching a customer appreciation program for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services.”
Complimentary Offering and “Welcome Back” Appreciation Program
While there is no evidence at this time that credit card data was taken, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region.
The company will also rollout the PlayStation Network and Qriocity “Welcome Back” program, to be offered worldwide, which will be tailored to specific markets to provide our consumers with a selection of service options and premium content as an expression of the company’s appreciation for their patience, support and continued loyalty.
Central components of the “Welcome Back” program will include:
- Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
- All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
- Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service.
Additional “Welcome Back” entertainment and service offerings will be rolled out over the coming weeks as the company returns the PlayStation Network and Qriocity services to the quality standard users have grown to enjoy and strive to exceed those exceptions.
SNEI will continue to reinforce and verify security for transactions before resuming the PlayStation®Store and other Qriocity operations, scheduled for this month.
For more information about the PlayStation Network and Qriocity services intrusion and restoration, please visit http://blog.us.playstation.com. or http://blog.eu.playstation.com/
About Sony Corporation
Sony Corporation is a leading manufacturer of audio, video, game, communications, key device and information technology products for the consumer and professional markets. With its music, pictures, computer entertainment and on-line businesses, Sony is uniquely positioned to be the leading electronics and entertainment company in the world. Sony recorded consolidated annual sales of approximately $78 billion for the fiscal year ended March 31, 2010. Sony Global Web Site: http://www.sony.net/
About Sony Computer Entertainment Inc.
Recognized as the global leader and company responsible for the progression of consumer-based computer entertainment, Sony Computer Entertainment Inc. (SCEI) manufactures, distributes and markets the PlayStation® game console, the PlayStation®2 computer entertainment system, the PSP® (PlayStation®Portable) handheld entertainment system and the PlayStation®3 (PS3®) system. PlayStation has revolutionized home entertainment by introducing advanced 3D graphic processing, and PlayStation 2 further enhances the PlayStation legacy as the core of home networked entertainment. PSP is a handheld entertainment system that allows users to enjoy 3D games, with high-quality full-motion video, and high-fidelity stereo audio. PS3 is an advanced computer system, incorporating the state-of-the-art Cell processor with super computer like power. SCEI, along with its subsidiary divisions Sony Computer Entertainment America Inc., Sony Computer Entertainment Europe Ltd., and Sony Computer Entertainment Korea Inc. develops, publishes, markets and distributes software, and manages the third party licensing programs for these platforms in the respective markets worldwide. Headquartered in Tokyo, Japan, SCEI is an independent business unit of the Sony Group.
This past Monday, May 2nd, brought the following security update
PlayStation Network Security Update
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
On Tuesday, April 26 we shared that some information that was compromised in connection with an illegal and unauthorized intrusion into our network. Once again, we’d like to apologize to the many users who were inconvenienced and worried about this situation.
We want to state this again given the increase in speculation about credit card information being used fraudulently. One report indicated that a group tried to sell millions of credit card numbers back to Sony. To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list.
One other point to clarify is from this weekend’s press conference. While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form. For a description of the difference between encryption and hashing, follow this link.
To reiterate a few other security measures for your information: Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.
We continue to work with law enforcement and forensic experts to identify the criminals behind the attack. Once again, we apologize for causing users concern over this matter.
Our objective is to increase security so our customers can safely and confidently play games and use our network and media services. We will continue to provide updates as we have them.
Because the incident’s primary crime was data theft, the U.S. House of Representatives weighed in, requesting that Sony testify before the the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce. Sony denied this request, but did offer to provide written answers to questions posed. And, as a result, on Wednesday, we have this update.
Sony’s Response to the U.S. House of Representatives
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
Today, the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce held a hearing in Washington, DC on “The Threat of Data Theft to American Consumers.”
Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to questions posed by the subcommittee about the large-scale, criminal cyber-attack we have experienced. We wanted to share those answers with you (click here).
In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles:
- Act with care and caution.
- Provide relevant information to the public when it has been verified.
- Take responsibility for our obligations to our customers.
- Work with law enforcement authorities.
We also informed the subcommittee of the following:
- Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
- We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
- By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
- As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
- Protecting individuals’ personal data is the highestpriority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
- We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.
We told the subcommittee about our intent to offer complimentary identity theft protection to U.S. account holders and detailed the “Welcome Back” program that includes free downloads, 30 days of free membership in the
PlayStation Plus premium subscription service; 30 days of free service for Music Unlimited subscribers; and extending PlayStation Plus and Music Unlimited subscriptions for the number of days services were unavailable.
We are working around the clock to have some PlayStation Network services restored and we’ll be providing specific details shortly. We hope this update is helpful to you, and we will continue to keep you posted as we work to restore our network and provide you with both the entertainment and the security you deserve.
Finally, today, light began to appear at the end of the tunnel. Three updates were posted today. Here is the first
Important Step for Service Restoration
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
Today our global network and security teams at Sony Network Entertainment and Sony Computer Entertainment began the final stages of internal testing of the new system, an important step towards restoring PlayStation Network and Qriocity services.
As previously mentioned, we’ve been working around the clock to rebuild the network and enhance protections of your personal data. It’s our top priority to ensure your data is safe when you begin using the services again.
We understand that many of you are eager to again enjoy the PlayStation Network and Qriocity entertainment services that you love, so we wanted you to be aware of this milestone and our progress. We will provide additional updates as soon as we can.
Sony, also wanted to offer additional protection for the future, in another goodwill gesture detailed in message #2
Sony Offering Free ‘AllClear ID Plus’ Identity Theft Protection in the United States through Debix, Inc.
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
Last weekend, Sony Computer Entertainment announced that we will provide complimentary enrollment in an identity theft protection program. Here are the details of this program for PlayStation Network and Qriocity account holders in the United States only. We are working to make similar programs available in other countries/territories where applicable. Information will be posted on local websites/blogs when available.
Sony Computer Entertainment and Sony Network Entertainment International have made arrangements with Debix, Inc., one of the industry’s most reputable identity protection firms, to offer AllClear ID Plus at no cost to PlayStation Network and Qriocity account holders for 12 months from the time an account holder registers for the program.
Please note that we will start sending out activation emails for this program over the next few days, and you will have until June 18th to sign-up and redeem your code. You will need to sign up directly through AllClearID, not on Sony’s websites, and details, including step-by-step instructions for the program, will be emailed to United States PSN and Qriocity Account holders soon.
The details of the program include, but are not limited to:
- Cyber monitoring and surveillance of the Internet to detect exposure of an AllClear ID Plus customer’s personal information, including monitoring of criminal web sites and data recovered by law enforcement. If his/her personal information is found, the customer will be alerted by phone and/or email and will be provided advice and support regarding protective steps to take. The customer will also receive monthly identity status reports. Debix works with an alliance of cyber-crime experts from the government, academia and industry to provide these services.
- Priority access to licensed private investigators and identity restoration specialists. If an AllClear ID Plus customer receives an alert, or otherwise suspects that he/she may be the victim of identity theft, the customer can speak directly, on a priority basis, with an on-staff licensed private investigator, who will conduct a comprehensive inquiry. In the case of an identity theft, the customer can work with an identity restoration specialist to contact creditors and others, and take necessary steps to restore the customer’s identity.
- A $1 million identity theft insurance policy per user to provide additional protection in the event that an AllClear ID Plus customer becomes a victim of identity theft. This insurance would provide financial relief of up to $1 million for covered identity restoration costs, legal defense expenses, and lost wages that occur within 12 months after the stolen identity event.
More information will be available on the enrollment page, a link which will be included in the email you will receive.
We continue to work around the clock to have some PlayStation Network services and Qriocity services restored, and will be providing you specific details shortly.
Thank you.
Finally, after all of this, the President of Sony Computer Entertainment America, Howard Stringer, posted a personal letter today.
A Letter from Howard Stringer
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
Please see below for a letter from Howard Stringer:
Dear Friends,
I know this has been a frustrating time for all of you.
Let me assure you that the resources of this company have been focused on investigating the entire nature and impact of the cyber-attack we’ve all experienced and on fixing it. We are absolutely dedicated to restoring full and safe service as soon as possible and rewarding you for your patience. We will settle for nothing less.
To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely. We are also moving ahead with plans to help protect our customers from identity theft around the world. A program for U.S. PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user was launched earlier today and announcements for other regions will be coming soon.
As we have announced, we will be offering a “Welcome Back” package to our customers once our PlayStation Network and Qriocity services are up and running. This will include, among other benefits, a month of free PlayStation Plus membership for all PSN customers, as well as an extension of subscriptions for PlayStation Plus and Music Unlimited customers to make up for time lost.
As a company we — and I — apologize for the inconvenience and concern caused by this attack. Under the leadership of Kazuo Hirai, we have teams working around the clock and around the world to restore your access to those services as quickly, and as safely, as possible.
I know some believe we should have notified our customers earlier than we did. It’s a fair question. As soon as we discovered the potential scope of the intrusion, we shut down the PlayStation Network and Qriocity services and hired some of the best technical experts in the field to determine what happened. I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken.
As a result of what we discovered we notified you of the breach. Our investigation is ongoing, and we are upgrading our security so that if attacks like this happen again, our defenses will be even stronger.
In the last few months, Sony has faced a terrible earthquake and tsunami in Japan. But now we are facing a very man-made event – a criminal attack on us — and on you — and we are working with the FBI and other law enforcement agencies around the world to apprehend those responsible.
In the coming days, we will restore service to the networks and welcome you back to the fun. I wanted to personally reach out and let you know that we are committed to serving you to the very best of our ability, protecting your information better than ever, and getting you back to what you signed up for – all the games and great entertainment experiences that you expect from Sony.
With best regards,
Howard Stringer
And so, we come to the present. As updates are posted I will update this post. I can’t wait until they catch the culprit. I’m sure people will be dying to know why and how they hacked The Playstation Network, and I know that everyone who was affected is eager to see them get their punishment.
