Sony Admits to Major Security Breach

User data, possibly credit card information, compromised

Last week, Sony Corp. shut down its PlayStation Network, an online game and movie service, saying that it had been the target of an “illegal intrusion,” but didn’t give further details.

Now, the company is admitting that hackers have stolen personal data and possibly the credit card numbers for at least tens of millions of PlayStation Network’s 77 million users, as well as people using Qriocity, a digital music service.

In a blog post, Sony said that although it is still investigating the incident, it believes that “an unauthorized person” had gained access to users’ names, addresses, birthdates, email addresses, logins and passwords, network IDs, and possibly their billing addresses and answers to security questions. “While there is no evidence at this time that credit card data was taken,” Sony added, “we cannot rule out the possibility.”

Sony’s delay in releasing details of the security breach resulted in a harsh reprimand from Sen. Richard Blumenthal, D-Conn. He sent a letter to Sony saying that he was “troubled by the failure of Sony to immediately notify affected customers of the breach.”

But Sony said that it wasn’t aware of the full extent of the hacking until Monday. After learning of the intrusion and shutting down service on April 19, "It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach," the company explained in a letter to the Los Angeles Times.