Sony Chief Executive Officer Howard Stringer has apologised to users of the PlayStation Network and other online services. “As a company we – and I – apologise for the inconvenience and concern caused by this attack,” Stringer said on Sony’s US PlayStation blog.
Sony issued its first warning on the break-in a week after it detected a problem with the network on April 19th, infuriating many PlayStation users around the world. Sony said it needed time to work out the extent of the damage.
“I know some believe we should have notified our customers earlier than we did. It’s a fair question,” Stringer said. “I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had – or had not – been taken.”
Stringer said Sony would restore network services “in the coming days,” but gave no date.
In the United States, potential victims are beginning to take action. One US law firm has filed a lawsuit in California on behalf of consumers. The theft prompted the US Justice Department and Federal Bureau of Investigation to open an investigation and New York Attorney General has subpoenaed Sony entities over the breaches.
Stringer also said the company had launched a $1 million data theft insurance policy for each of its US.PlayStation Network and Qriocity users.
“I know this has been a frustrating time for all of you,” Stringer said. “To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely,” he said.
The company is looking to its insurers to help pay for its data breach, an amount that one expert estimates could exceed $2 billion.
“We have a variety of types of insurance that cover damages. Certain carriers have been put on notice,” said a Sony spokesman.
The hackers have not been identified, but Internet vigilante group Anonymous, which had claimed responsibility for previous attacks on Sony and other corporations, denied it was behind the data theft.
Sony says, the massive data theft coincided with the electronics giant fighting a denial-of-service attack (DDoS) from Anonymous.