San Diego Business Journal

San Diego-based Sony Online Entertainment, a division of Sony Corp., continued to grapple with a massive cyber attack to its servers that began in April, and resulted in shutting down portals to both SOE’s multiplayer games and interactive online games offered through its Sony PlayStation Network.

Although SOE said last week that service would be restored, neither of the networks were up and running as of May 5. The company said it is working “around the clock” to correct the situation and is investigating the origins of the hacking attack, which occurred April 16-17.

Shortly after that attack was discovered, the PlayStation Network, which has some 77 million customers, was shut down. Later, on May 2, SOE shut down service after the unit determined that personal data from 24.6 million customers may have been stolen. The data included names, addresses, e-mail addresses, birth dates, phone numbers, login names and hashed passwords. It did not include credit card data.

However, in the same announcement, SOE said there was a breach of an outdated database that includes some 12,700 non-U.S. credit and debit card numbers, and 10,700 direct debit records for customers in Austria, Germany, the Netherlands and Spain.

Sony said it has been working with the Federal Bureau of Investigation, and has hired outside security experts to supplement its own probe into the attacks.

Since the attacks, the Tokyo-based electronics conglomerate has been criticized by elected officials and others for not sharing what’s going on and how it is responding to the crisis.

Credit Card Information Targeted

In a May 3 letter, Kaz Hirai, Sony’s No. 2 ranking executive behind CEO Howard Stringer, said Sony was the victim of a carefully planned, sophisticated criminal cyber attack “designed to steal personal and credit card information for illegal purposes.”

Hirai said the hackers left a calling card on one of the breached servers identifying it coming from Anonymous, with the words, “We are Legion.”

He also revealed that Anonymous, a loose-knit group of hackers, had previously launched a denial of service attack in response to Sony’s filing suit against well-known hacker George Hotz.

In a missive dated May 4, Anonymous admitted that it did conduct a hacking attack on Sony last month, but it never stole any credit card information.

Sony said in press announcements that it has notified its customers about the attacks and what it is doing in response, and warned customers about the heightened potential for phishing expeditions by those using the stolen personal data. Sony warned that phishing requests may come via e-mail, phone or Postal Service mail.

Odd Requests

Sony said if customers receive requests for credit card or Social Security numbers, “you can be confident Sony is not the entity asking.”

As compensation for not having access to Sony’s online gaming networks, the company said it would provide a 30-day extension on subscriptions, plus one day for each day the services were shut down. That would be an additional 30 days through May 5.

In March, SOE shuttered three development offices in Denver, Seattle and Tucson, Ariz., which were involved in producing a new multiplayer game. That action resulted in the layoff of 205 employees, but SOE didn’t reveal its total head count then. Last year, the unit said it had about 1,000 total employees.

Sony Corp. also operates two other units in San Diego: Sony Electronics in Rancho Bernardo, with about 2,000 employees, and Sony Computer Entertainment America in Sorrento Valley, with an undisclosed number of employees.