Sony Explains PlayStation Attack to Congress

Sony responded to lawmakers after the company was asked to answer a series of questions related to hackers breaching its network and gaining access to the personal data — including credit card numbers — of millions of its customers last month. In the letter to Rep Mary Bono Mack (R-CA) -- chairman of the Subcommittee on Commerce, Manufacturing and Trade -- Sony said it was the victim of a “large-scale cyberattack” that was carried out by “very professional, highly sophisticated” criminals intent on stealing personal and credit card information. Sony said in the letter it had determined that the PlayStation Network was attacked by two different groups. One group slammed the servers with a major denial-of-service attack while other hackers gained access to personal information on the servers. The company said it was unsure if the two groups were related and if the first group of hackers provided cover for those trying to steal personal data. Although Sony said it did not know who was responsible for the attacks, the letter said the company believed a group called Anonymous played a role, as Sony found files on its servers that said “Anonymous” and “We Are Legion.” Sony’s Web sites came under attack from this group several weeks earlier when it was hit with a similar “large-scale, coordinated, denial-of-service attack.” The company also said it had discovered that the hackers gained access to the servers through “a system software vulnerability.”

Despite suffering massive breaches that made national news, neither Sony nor Epsilon showed up to a House hearing on data theft this morning -- the predictable result of which was that both firms were just trashed in absentia.