Sony is blaming Anonymous for indirectly allowing a hacker for a data breach of its PlayStation Network.
Sony’s PlayStation Network was breached at the same time it was defending itself against a major “denial of service” attack by the group calling itself Anonymous, the company said.
Anonymous is the name of a grass-roots cyber army that in December launched attacks that temporarily shut down the sites of MasterCard and Visa using simple software tools available for free over the internet.
Sony says that Anonymous targeted it several weeks ago using a “denial of service” attack in protest of Sony defending itself against a hacker in federal court in San Francisco.
The attack that stole the personal data of millions of Sony customers was launched separately, while the company was distracted protecting itself against the denial of service campaign, Sony said. It was not sure whether the organizers of the two attacks were working together.
In a letter to members of US Congress, Kazuo Hirai, Sony Computer Entertainment America LLC chairman of the board of directors, said Sony now faced a large-scale cyber attack involving the theft of personal information.
“What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes,” he added in the letter to members of Congress who have launched an inquiry into the matter.
Sony also said it waited two days after discovering data was stolen from its PlayStation video game network before contacting law enforcement and did not meet with FBI officials until five days later. The theft has prompted the US Justice Department to open an investigation, officials said.
US Attorney General Eric Holder said: “The Sony matter is under active investigation. It involves personnel from the FBI and the Justice Department who are looking into the matter. It is something we are taking extremely seriously,” he said.
Sony noticed unauthorized activity on its network on April 19, and discovered that data had been transferred off the network the next day.
The PlayStation Network had 12.3 million accounts with credit card numbers globally, and about 5.6 million were US accounts.
The company’s general counsel gave the FBI information about the breach on April 22, the company said in the letter to the subcommittee on Commerce, Manufacturing and Trade.