Customers of Sony Corp.’s PlayStation Network and San Diego-based Sony Online Entertainment were still unable to access their video gaming and movie streaming services last week, as the company continued working feverishly to restore systems and ensure their safety.
While Sony has yet to issue any definitive date for the services coming back up, several news reports quoting a company spokesman in Tokyo say Sony hopes to have service restored by the end of May.
That would make the disruption, caused by at least two massive hacking events last month, one of the longest ever, said one computer industry consultant.
“I’ve never seen a system down this long, nothing beyond a week,” said Rick Doherty, research director for the Envisioneering Group in Seaford, N.Y.
According to Sony, servers for the PlayStation Network sustained an unauthorized intrusion between April 17 and 19. Unable to determine the source and scope of the attacks, the company shut down the network April 20, affecting 77 million accounts.
On May 2, Sony said its Sony Online network, which provides platforms for its popular multiplayer games such as “EverQuest,” was also attacked, affecting some 24.6 million accounts.
While the intruders may have stolen some credit card data, even without credit information, customers could become victims of more targeted phishing attacks to obtain more financial information by tricking customers into believing requests are from legitimate sources such as banks or Sony itself.
Murray Jennex, associate professor of information systems at San Diego State University, said with personal data such as names, email addresses, birth dates and phone numbers, hackers could possibly obtain loans and new credit cards, and rack up illegal purchases.
Identity Theft Protection
Earlier this month, Sony said it would provide free identity theft protection service to all affected customers. Later, Sony CEO Howard Stringer pledged the company would insure any losses to $1 million per customer.
While those actions are laudable, Sony is taking an enormous public relations hit because of the delay in letting customers know the extent of the attacks. It wasn’t until April 26 that it notified customers about the attacks.
“They could have handled this more forthrightly, and provided more information about what happened and what they were doing to fix it,” said Jennex.
Posts on the PlayStation Network’s website are dominated by users railing at Sony’s continued fudging on when the network will be restored. One poster wrote: “So which’ll come first, the 2012 end of the world or PSN coming back?”
Sony said it’s hired several security investigation firms and is working with the Federal Bureau of Investigation to determine the source of the hacking attacks.
In a letter to a congressional subcommittee investigating the problem, Sony’s No. 2 executive, Kaz Hirai, said the company was “a victim of a very carefully planned, very professional, highly sophisticated, criminal cyber-attack designed to steal personal and credit card information for ill purposes.”
He said the intruders planted a file on one of its servers with the word “Anonymous,” and a hacking group’s motto of “We are legion.”
In response, the group said it has never stolen credit cards, and didn’t in this case.
Doherty said he wasn’t sure, but he wouldn’t be surprised if Sony was a victim of corporate espionage.
Huge Monetary Loss
Whatever the source, the attacks will result in some of the largest monetary losses ever. According to several high technology industry analysts, Sony could be out more than $1 billion in lost business from the downtime, compensation costs and lost investment.
“This may be the mother of all data breaches at this point,” said Larry Ponemon, chairman of the Ponemon Institute LLC, a Michigan firm that covers data security.
Yet, Sony may be able to rebound if the new data centers it has been developing prove resilient to even more hacking attacks, Doherty said.
“If they can show the new data center can stand up against attacks, then they can gain more commerce and trust than their competitors,” he said.