WASHINGTON—Sony Corp., in a letter to Congress released on Wednesday, offered a description of the cyberattack against its servers that allowed hackers to access account information to more than 100 million of its online gaming accounts.
Responding to a request from lawmakers examining data-breach issues, Sony offered an account of how it discovered the data breach on April 20 and the steps it has taken since then to uncover the extent of the breach and to repair its security systems.
Sony said it is facing a "large-scale cyberattack involving the theft of personal information" and that it has been working with the Federal Bureau of Investigation on the breach of its PlayStation Network since April 22. The company told lawmakers that it expects to restore "most services" to its gaming network subscribers shortly.
The letter said 77 million accounts were compromised, but Sony on Monday disclosed that an additional 24 million accounts on another network were also affected.
The company said it has been investigating the data breach since shortly after it happened. Sony said its investigation found on May 1 that "a likely theft from another Sony company's online service had previously gone undetected."
Sony didn't offer more details about that cyberattack.
The company said that it has become apparent that it is the "victim of a very carefully planned, very professional, highly sophisticated criminal cyberattack designed to steal personal and credit card information for illegal purposes." Sony said it now understands how the breach occurred, but declined to offer details to lawmakers on concerns that hackers could use the information to attack other companies who have similar networks to Sony's.
The company said that it has received "no confirmed reports" of the use of consumer credit-card information stolen from the company's servers. The company said 12.3 million credit-card holders had information on its PlayStation Network, including 5.6 million in the U.S.
Responding to a request from lawmakers examining data-breach issues, Sony offered an account of how it discovered the data breach on April 20 and the steps it has taken since then to uncover the extent of the breach and to repair its security systems.
Sony said it is facing a "large-scale cyberattack involving the theft of personal information" and that it has been working with the Federal Bureau of Investigation on the breach of its PlayStation Network since April 22. The company told lawmakers that it expects to restore "most services" to its gaming network subscribers shortly.
The letter said 77 million accounts were compromised, but Sony on Monday disclosed that an additional 24 million accounts on another network were also affected.
The company said it has been investigating the data breach since shortly after it happened. Sony said its investigation found on May 1 that "a likely theft from another Sony company's online service had previously gone undetected."
Sony didn't offer more details about that cyberattack.
The company said that it has become apparent that it is the "victim of a very carefully planned, very professional, highly sophisticated criminal cyberattack designed to steal personal and credit card information for illegal purposes." Sony said it now understands how the breach occurred, but declined to offer details to lawmakers on concerns that hackers could use the information to attack other companies who have similar networks to Sony's.
The company said that it has received "no confirmed reports" of the use of consumer credit-card information stolen from the company's servers. The company said 12.3 million credit-card holders had information on its PlayStation Network, including 5.6 million in the U.S.