Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, has answered to the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce in a hearing in Washington, DC on "The Threat of Data Theft to American Consumers."
In his written response (available here), Hirai outlined the four principles Sony is following while dealing with the whole incident:
- 1. Act with care and caution.
- 2. Provide relevant information to the public when it has been verified.
- 3. Take responsibility for our obligations to our customers.
- 4. Work with law enforcement authorities.
In his written response, Hirai insisted that Sony has been "the victim of a very carefully planned, very professional, highly sophisticated criminal cyber-attack." The Sony chairman then hinted that the famous hacking collective, Anonymous, is behind the attack as evident by the fact that they left a file named "Anonymous" containing the words "We are Legion" on one of the compromised servers.
Hirai also noted that Sony's forensic teams confirmed the intrusion on April 25th and the company notified the public about it on the next day, April 26th. He then asserted that major credit card companies have not reported any fraudulent transactions that they believe are the direct result of the PSN attack.
Finally, Hirai assured the subcommittee that Sony is taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.