According to details from Sony themselves in a letter to congressional subcommittee, Sony was aware that data had been removed from their systems six days before warning customers that accounts had been compromised. All dates and times from Sony's missive to Congress.
April 19, 2011. 4:15PM PDT – Sony Network Entertainment America (SNEA) network team detects unauthorized activity in the network of 130 servers. Specifically, machines were "rebooting when not scheduled to do so." Analysis begins.
April 20, 2011. Early Afternoon – SNEA engineers discover evidence of "unauthorized intrusion" and that data had been removed from PlayStation Network servers. PlayStation Network shut down by engineers, taking 77 million registered PlayStation Network and Qriocity accounts offline. Sony retains service of computer security and forensic consulting firm.
April 21, 2011 – Sony retains services of second computer security and forensic consulting firm.
April 22, 2011 – Nine of ten compromised servers are mirrored by Sony and security firms. Sony Computer Entertainment America (SCEA) general counsel provides FBI with information about the intrusion. A meeting with the FBI is scheduled for Wednesday, April 27th, 2011. Sony acknowledges on their blog that their system had an "external intrusion", but mentions nothing about the loss of data and issues no warning to customers
April 23, 2011. Afternoon – Forensic teams confirm that intruders used "very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside the server."
April 24, 2011. Easter Sunday – Sony retains additional forensic team with "highly specialized skills" to "determine the scope of the data theft".
April 25, 2011 – Teams confirm account details compromised, including name, address, country, email, birthdate, PlayStation Network/Qriocity password, login, handle and network ID, but remain unsure if any of the 12.3 million global credit cards stored on the servers were compromised.
April 26, 2011 – Sony Network Entertainment and Sony Computer Entertainment America provide public notice of the intrusion and alert regulatory authorities in New Jersey, Maryland, and New Hampshire.
April 27, 2011 – SCEA alert regulatory authorities in Hawaii, Louisiana, Maine, Massachusetts, Missouri, New York, North Carolina, South Carolina, Virginia, and Puerto Rico.
May 3rd, 2011 – Sony Chairman Kaz Hirai sends letter to Congressional Subcommittee on Commerce, Manufacturing, and Trade explaining details of intrusion.
The cyber attack that knocked the Playstation Network and Sony Online Entertainment offline for more than a week was a "very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information," according to a letter from Sony to... More »
The hack attack that forced Sony to take the Playstation Network and Sony Online Entertainment offline and resulted in the theft of personal information from tens of millions of people around the world wasn't really Sony's fault, it was an inevitability, a security expert tells Kotaku.
Bruce... More »
Sony's security problems continue to mount, as Sony Online Entertainment reveals that the personal information of 24.6 million SOE accounts and more than 12,700 credit card numbers may have been compromised in the massive attack that brought down the PlayStation Network late last month. More »
A security breach in the Playstation Network by still unidentified hackers resulted in stolen personal information, Sony confirmed today.
Sony says while personal information was likely stolen they don't believe credit card numbers were and that they hope to have the Playstation Network service... More »
The Federal Bureau of Investigations today confirmed to Kotaku that it is looking into the security breach that brought the Playstation Network down and exposed millions of users' personal data to cybercriminals.
The FBI is joined by nearly two dozen state attorneys general and possibly the Federal... More »
It's a good thing Sony warned people to be vigilant about their credit cards, because as part of the company's Tokyo press conference yesterday PlayStation boss Kaz Hirai said that up to ten million customer's account details could have been compromised.
That's not the personal details on their PSN... More »