US Congress seeks answers from Sony on PlayStation Network cyber attacks

A subcommittee of the US House of Representatives is demanding that Sony answer tough questions related to the cyber attacks on the PlayStation Network that forced the shutdown of the network's servers. According to the New York Times, the Subcommittee on Commerce, Manufacturing, and Trade wants Sony to answer 13 specific questions about the cyber attack and related matters. Sony has until Friday, May 6 to respond to the subcommittee's questions.

The letter, which can be read in full on the New York Times web site, does ask several questions that Sony has already answered. However, it also brings up some tough questions that Sony has yet to respond to. One of them is,

"Your statement indicated you have no evidence at this time that credit card information was obtained yet you cannot rule out that possibility. Please explain why you do not believe credit card information was obtained and why you cannot determine if the data was in fact taken."

Sony has said repeatedly that there is no evidence that credit card numbers for PlayStation Network users had in fact been taken in the cyber attacks that occurred on April 20. It has also said that the credit card info was encrypted, unlike the personal info that Sony has admitted was in fact taken during the cyber attacks. However, it is still urging users to check their credit card and account statements to make sure their accounts are not being used by outsiders.

Meanwhile, the PlayStation Network itself is still down two weeks after the cyber attacks. Sony has pledged to restore at least some services for its customers later this week. However, as we reported on Monday, the cyber attacks have now affected the PC MMO business of Sony Online Entertainment. That division shut down its servers on Monday and admitted later that day that personal info was obtained from its servers. It also admitted that a small number of older credit card numbers from overseas customers were taken but that the current credit card info for the vast majority of its customers remains safe.


26 Comments


JTA said,
I guess it was only a matter of time until congress stuck their big noses into the situation :-\

How exactly is that a bad thing? This is actually what our politicians should be doing: looking out for its citizens and reprimanding companies who don't take security seriously enough. Even if this is only for brownie points to the politicians, it still puts pressure on Sony and sets an example for anyone else who may be taking security too lightly

Xenosion said,

How exactly is that a bad thing? This is actually what our politicians should be doing: looking out for its citizens and reprimanding companies who don't take security seriously enough. Even if this is only for brownie points to the politicians, it still puts pressure on Sony and sets an example for anyone else who may be taking security too lightly
+1 This is good.

Xenosion said,

How exactly is that a bad thing? This is actually what our politicians should be doing: looking out for its citizens and reprimanding companies who don't take security seriously enough. Even if this is only for brownie points to the politicians, it still puts pressure on Sony and sets an example for anyone else who may be taking security too lightly

I'm not quite sure if laissez-faire is effective in this situation but in a way it kind of is... No?

JTA said,
I guess it was only a matter of time until congress stuck their big noses into the situation :-\

As well they should have. Sony can't seem to confirm anything with regards to this attack. If my credit card information was in that database, I'd want to know what was going on, and particularly how such a thing could even happen. Security is an important part of business that some companies seem to disregard...

JTA said,
I guess it was only a matter of time until congress stuck their big noses into the situation :-\

OMG, have you ever watched CSPAN, EVER?

The crap they talk about, and bring to the floor in the House is often somewhere between crazy/evil and talking about anything that looks good to people donating to their campaign.

If more people watched CSPAN, they would demand new campaign laws that don't let anyone spend money, and just pay each media venue a flat amount to give the candidates equal time.

Got an email from Sony today, I'm sure many others did too

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes)

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

Doesn't bother me so much as any cards I would have had on there would now be long expired, but the rest of the data that got picked up could be a pita

It would not surprise me to see some sort of Data Protection case taken up against Sony over all this, however I do not expect it

Quote: "is demanding that Sony answer tough questions"

What's so tough about answering questions? Making it sound like it's completely Sony's fault, no system on Earth is 100% secure unless there is no connection to the internet. And even then it's not 100% secure since employees have access... The only thing that's 100% secure is YOUR OWN machine that's NEVER hooked up to the internet and YOU are the only person that ever touches it.

rippleman said,
What's so tough about answering questions? Making it sound like it's completely Sony's fault, no system on Earth is 100% secure unless there is no connection to the internet. And even then it's not 100% secure since employees have access... The only thing that's 100% secure is YOUR OWN machine that's NEVER hooked up to the internet and YOU are the only person that ever touches it.

It's not so much that it *can* happen, but it did, and at a massive scale, and then took quite a while to come clean on what was stolen. What do you think would be fair, an "oops my bad" from Sony and just pretend that it didn't happen?

rippleman said,
Quote: "is demanding that Sony answer tough questions"

What's so tough about answering questions? Making it sound like it's completely Sony's fault, no system on Earth is 100% secure unless there is no connection to the internet. And even then it's not 100% secure since employees have access... The only thing that's 100% secure is YOUR OWN machine that's NEVER hooked up to the internet and YOU are the only person that ever touches it.

False, it can still get stolen. The only machine that is 100% secure is one that does not exist

This isn't about it being completely unbreakable, more of "Did Sony do everything they should have to protect the data, within the realms of reason"

rippleman said,
Quote: "is demanding that Sony answer tough questions"

What's so tough about answering questions? Making it sound like it's completely Sony's fault, no system on Earth is 100% secure unless there is no connection to the internet. And even then it's not 100% secure since employees have access... The only thing that's 100% secure is YOUR OWN machine that's NEVER hooked up to the internet and YOU are the only person that ever touches it.


Networks are vulnerable, always. What Sony is guilty of is not doing enough. No one can rightly say they are completely innocent in this. They have a responsibility to their customers to protect their data. Proper planning would prevent something like this from happening at such a massive scale. This should have been noticed earlier. Proper restrictions should be put in place to prevent such massive theft of data. All of this is ultimately Sony's fault. Companies everywhere need to have accountability for things like this.

Xenosion said,

Networks are vulnerable, always. What Sony is guilty of is not doing enough. No one can rightly say they are completely innocent in this. They have a responsibility to their customers to protect their data. Proper planning would prevent something like this from happening at such a massive scale. This should have been noticed earlier. Proper restrictions should be put in place to prevent such massive theft of data. All of this is ultimately Sony's fault. Companies everywhere need to have accountability for things like this.

I'm sure Sony will make it right without the help of congress. Who is going to buy anything from them after this? If I was part of PSN and they don't do anything to make it right, I sure wouldn't. If they make it right, and then make sure everybody knows they fixed the issue, I MIGHT buy from Sony again. That's the beauty of the free market. If you don't sell anything good, you're going to fail. If you don't take care of customers, you're going to fail. The government really doesn't need to get involved in this IMO (unless they also want to learn what happened)...

bguy_1986 said,

I'm sure Sony will make it right without the help of congress. Who is going to buy anything from them after this? If I was part of PSN and they don't do anything to make it right, I sure wouldn't. If they make it right, and then make sure everybody knows they fixed the issue, I MIGHT buy from Sony again. That's the beauty of the free market. If you don't sell anything good, you're going to fail. If you don't take care of customers, you're going to fail. The government really doesn't need to get involved in this IMO (unless they also want to learn what happened)...

I don't think the House is getting involved to help Sony make it right. The House is getting involved because people's financial security is potentially at risk. It is not acceptable for Sony to not be able to confirm whether or not credit card information has been stolen so any affected people can protect themselves.

Keep in mind that not everyone is linked in to tech news such as this. Some 10 year old kid whose parents used their credit card are out there with credit card information up for sale (allegedly). I'm glad the House is looking out for that family.

Sraf said,

False, it can still get stolen. The only machine that is 100% secure is one that does not exist

This isn't about it being completely unbreakable, more of "Did Sony do everything they should have to protect the data, within the realms of reason"

Sony did not even have a Chief Security Officer. To excuse Sony for losing all this data to hackers is inexcusable and I'm glad congress is going after them.

Sony Fanboys are so freaking blind they try and make excuses for Sony every time they screw up. The amount of abuse Sony fans take from Sony and still keep kissing their butt is truly amazing. This time they screwed up and lost our data. Got an email today from SOE and I played Star Wars Galaxies a few times years ago but because of this now my data is in the hands of thieves.

If you're going to collect CC and personal data on users and hackers get it, you're going to have to answer for those mistakes.

Sony had our data. Sony obviously did not do enough to protect our data; it is their fault.

Xenosion said,

I don't think the House is getting involved to help Sony make it right. The House is getting involved because people's financial security is potentially at risk. It is not acceptable for Sony to not be able to confirm whether or not credit card information has been stolen so any affected people can protect themselves.

Keep in mind that not everyone is linked in to tech news such as this. Some 10 year old kid whose parents used their credit card are out there with credit card information up for sale (allegedly). I'm glad the House is looking out for that family.


Some of my information (pretty much just my social security number, name, and possibly address) was on a laptop that was stolen in the state I live in. The state gave us life-lock or something similar for a couple years. Sony could do the same possibly.. Would be a bit more of a hassle since everybody probably has to get new credit cards. I didn't have to do that.


but you still do make a good point... I just hope more laws and regulations that make it much harder on businesses don't come out of this.... (kinda).. will have to see what comes from this first..

Does Sony have to answer to it? It is a Japanese company after all. They don't fall under jurisdiction of the US Congress. They do work within the US but the particular things that were breached are from my understanding Japanese based services, even though the PSN data servers were located in San Diego.

I guess it has to do with many of the 77 million PSN accounts being American accounts as well but still seems like they wouldn't HAVE to answer if they didn't want to. Or does world business trade require this stuff? This is very interesting to me to learn to be honest

slyph said,
Does Sony have to answer to it? It is a Japanese company after all. They don't fall under jurisdiction of the US Congress. They do work within the US but the particular things that were breached are from my understanding Japanese based services, even though the PSN data servers were located in San Diego.

I guess it has to do with many of the 77 million PSN accounts being American accounts as well but still seems like they wouldn't HAVE to answer if they didn't want to. Or does world business trade require this stuff? This is very interesting to me to learn to be honest


I would imagine there could possibly be a ban on the PlayStation like there was in Europe. I doubt Sony would want to anger Congress as it would only hurt them.

Like most international companies, they have different Corporate Entities in each country.. Sony proper might not be required to answer questions, but Sony USA will be if they want to continue doing business..

presence06 said,
They effed up big time. Now Congress is on them. This is epic *grabs popcorn* this gets better each day.
Ya it should be fun to watch a bunch of old guys who have no idea how to use an ATM, let alone understand cyber security, talk to a bunch of lawyers and corporate bureaucrats who only have talking points..

Ryoken said,
Ya it should be fun to watch a bunch of old guys who have no idea how to use an ATM, let alone understand cyber security, talk to a bunch of lawyers and corporate bureaucrats who only have talking points..

It will surely be entertaining. Aren't these the same people who want to have an internet kill switch?

This whole fiasco would be avoided if it was a matter of public policy to not store the last 4 digits of a credit card number and to never store the extra 3 digit security code on the back in a database. I don't mind taking a little bit of extra time entering in my CC info or at least parts of it for the peace of mind that if the information is compromised, it isn't usable. Let's put limits on what these corporations are allowed to store in their databases and take the approach that data can always be compromised and therefore the data that is stored must be limited.

Shadrack said,
This whole fiasco would be avoided if it was a matter of public policy to not store the last 4 digits of a credit card number and to never store the extra 3 digit security code on the back in a database. I don't mind taking a little bit of extra time entering in my CC info or at least parts of it for the peace of mind that if the information is compromised, it isn't usable. Let's put limits on what these corporations are allowed to store in their databases and take the approach that data can always be compromised and therefore the data that is stored must be limited.

100 percent agreed.

Because storing entire CC info is just a bad idea in general because if history has shown us anything it's that you pretty much can't trust people in general with this sort of stuff as it's a matter of time before it's compromised.
