Sony, which apologized Sunday for a security breach of millions of its Playstation customers’ data, has responded to members of Congress who asked for more information about the data-security breach. (Note that Sony this week reported another security breach on its Sony Online Entertainment division.) The New York Times reports:
Sony responded to lawmakers on Tuesday after the company was asked to answer a series of questions related to hackers breaching its network and gaining access to the personal data — including credit card numbers — of millions of its customers last month.
In the letter to Representative Mary Bono Mack, a Republican of California and chairman of the Subcommittee on Commerce, Manufacturing and Trade, Sony said it was the victim of a “large-scale cyberattack” that was carried out by “very professional, highly sophisticated” criminals intent on stealing personal and credit card information.
Sony said in the letter it had determined that the PlayStation Network was attacked by two different groups. One group slammed the servers with a major denial-of-service attack while other hackers gained access to personal information on the servers. The company said it was unsure if the two groups were related and if the first group of hackers provided cover for those trying to steal personal data. […]
The company also said it had discovered that the hackers gained access to the servers through “a system software vulnerability.” Sony has been working with the Federal Bureau of Investigation since April 22 to determine who was behind the attack. It did not provide details of how the attack was made.
The servers that were compromised during the breach contained 77 million customers’ personal information and 12.3 million credit cards, 5.2 million of them belonging to residents of the United States.