Congress sends inquiry to Sony about PSN security breach

by Griffin McElroy on Apr 30th 2011 7:00PM

The list of organizations Sony's going to be answering to about the PlayStation Network security breach is growing with alarming speed. The latest addition to the horde is the United States House of Representatives Subcommittee on Commerce, Manufacturing, and Trade, which sent a letter to executive deputy president Kazuo Hirai yesterday with a number of inquiries about the nature of the breach, as well as the company's response to its consumers' collective exposure.

The letter, which was penned by subcommittee chair and California representative Mary Bono Mack, imposes questions including why the company is unsure whether users' credit card info was taken, as well as what steps Sony's taking to prevent future breaches. We're assuming that the question of "When's the PSN coming back online, because some of us are trying to get some Portal 2 co-op Trophies over here," was omitted, as it was found to not be "governmenty" enough.

Source: New York Times

Tags: congress, house-of-representatives, kaz-hirai, outage, playstation, politics, ps3, psn, psn-outage-2011, psp, sony

Reader Comments (94)

Well lets look at the bright side, those of use in the PlayStation Rewards beta got their shirts today.
Right?

@mcnichoj aww not I

@(Unverified) If shutting down a service to protect your customers' privacy, having the FBI hunt down the fools who did this, and potentially compensating your users is a "massive fail", then by all means, Sony is a complete failure. If you're an idiot.

@mcnichoj

Hey, what's up Sony, I didn't get my shirt from the rewards beta. Well honestly I would rather have a working PSN then a shirt.

Who knows, maybe they are going to send out another batch of shirts that show what the old PSN name stood for. Everyone thought it was for PlayStation Network. Nope:

Privacy
Security
Not

Just Kidding! ;-) Please don't flame me I couldn't resist.

Oh well, at least I scored Portal 2 today for $39, thanks to the sale at GameStop.

@Silent Intent

1. That's like shutting the barn door after all the horses got out. Not really accomplishing anything. They turned off the service because they're rebuilding the service and it would be irresponsible to leave it online with the same vulnerabilities present, especially with so much media attention.

2. Sony didn't exactly call in the big guns when the FBI got involved. The FBI got involved because there was a massive theft of taxpayer identities. That would be like praising BP for having the government assist in their oil spill.

3. "Potentially" is the operative word there. They haven't said anything. Also, a free PSN game really isn't making amends for "potentially" having my identity stolen.

I'm not saying this to defend (unverified), what he said was obnoxious too, but pro-Sony rah-rah-rah shows a lack of sense at this point. Yes I love playing Sony games, but as a company, I am NOT happy with them right now.

@onan How would the FBI know ANYTHING if Sony didn't call them, what you think the feds have mole in place just to see which companies get breached?

@Zippy Zapp

lol poor attempt at a pseudonym there dude :)

Should it not really be.

P.artially
S.ecure
N.etwork

More apt ;)

@onan What I find amusing is that we've been hearing breaches for years from banks, retailers, etc. Never have I seen congress try to get in on the action until now.

@The angry pro consumer gaming ga

That should probably tell you something about how it's been handled up until this point.

Also, you're absolutely right, what was I thinking. The FBI are just like the fire department, they just sit on their hands until someone calls them up.

@mcnichoj Hey I didn't get my shirt either... And they never asked what size we are... Are they using the PlayStation Eye to spy on us? O_o

@onan It tells me that politicians are media whore's? It tells me that when its a foreign company (Sony, BP) they'll pay attention and let home grown incompetence fly by.

You're the one claiming that Sony didn't notify the FBI, and yet they some how knew to get involved.

@The angry pro consumer gaming ga

By that logic Sony also notified Joystiq and asked them to write up all of these fantastic articles on the topic.

@onan You must not be very old with such naive ideas. Joystiq is a blog, which in turn they do a little something called Journalism. Just like other media outlets they have to follow a story not the other way around.

@The angry pro consumer gaming ga

/facepalm

@Silent Intent News falsh... They did NOT protect their customers data and they took almost a week to even warn us about it. I'd call Sony a massive massive FAIL on this in every way imaginable.

FYI you might want to change your password if you haven't already.

@The angry pro consumer gaming ga
How did the FBI get involved if Sony didn't call them? Well you know, there's this thing called "the media" right, and it tends to report on this kinda thing. MAYBE they heard about it that way.
Just sayin'..

@brightbonewhite

PlayStation Eye spy with my little eye...

I personally think Portal 2 should be an election requirement. Vote Special Agent Steve in 2012. I also promise to make the world not end. Maybe.

http://www.fallacyfiles.org/Bandwagon.jpg

@Fakeassname

Oh ho, I see what you did there!

My questions are "What freebie will we get? What freebie will PS+ users get?"

@PSN StaticShock

Consumer entitlement at its finest.

@PointlessPuppies
Not at all.

My name, address, phone number, post code, maybe my credit card details, my passwords and email addresses are in the hands of criminals.

Believe you me... if they don't give us something in return then there is going to be serious hell to pay. Even though I only have a PSP now after I sold my PS3 a couple of days ago.

@Banksyliveraa

"A free PSN game!? :O "
*Forgets about information being in the hands of criminals*

Doing it right?

@Banksyliveraa
Like Leon said, you're so bothered by this "heinous act" of leaking your information, yet you're perfectly willing to accept a free something as an apology?

I don't think you're truly hurt in principle. It's obvious you just want free stuff.

Didn't know it was congress job to be interfering with business going ons. Didn't see that in our constitution....

@shinjix2 In the United States Constitution (Article I, Section 8, Clause 3). The clause states that the United States Congress shall have power "To regulate Commerce with foreign Nations, and among the several States, and with the Indian Tribes".

@shinjix2

You didn't see it in the constitution because you didn't read it.

@shinjix2
Dude, it's usually best not to comment on something you know nothing about.
Damn.

@Bootes

The word regulate meant "to make regular" at the time, not "do a bunch of arbitrary crap."

@Raffi256 They need to be doing some Nate Dogg and Warren G style regulating right now.

I'm pretty sure our credit card information was taken because my bank had an unauthorized charge today on the card that I used on PSN.

Could be a coincidence but no other company that I've given my CC details to have recently had customer data stolen.

@(Unverified)
Because if you bought one you would've had your CC info stolen automatically?

Funny. I have a PS3 and PSN account and my CC info isn't tied to it. But hey, you made the infinitely wise decision to not buy the entire platform because...ehrm...yeah...

@PointlessPuppies

So you purchased no downloadable games? Or did you waste money with money cards from gamestop for all your online purchases?

@Integral Seriously people, call your credit card company and request a new number. It took all of 2 minutes when I did it. The peace of mind alone is worth it.

@Integral
Exactly how is puchasing pre-paid cards @ gamestop and Wawa unintelligent? they are the same price and digital purchases still can commence. The only difference is you have to input a code when you want to add funds. In all fairness those who use that practice are now protected

@PSYCHOxKING Because you assume trolls actually have brain's in their heads as opposed to sh*t.

@Deozaan

Well, my credit card information was also on my PS3, and I haven't had any unauthorized charges. My no unauthorized charges cancels your unauthorized charge out.

Nothing to see here.

@Troy Powers

That's possible. But it's also possible that your card hasn't yet or will never be used fraudulently from the (potentially) millions of cards that were stolen. It's also possible that your card has been charged but your bank isn't as good about notifying you about suspicious charges as mine is (the pending charge didn't show up on my online statement).

Just because you're not having a problem doesn't mean nobody else will. That said, just because I did have a problem doesn't mean anybody else will. As I said originally, it could be a coincidence that somebody somewhere attempted to make an unauthorized charge on the same card I had used on PSN less than two weeks after customer data was stolen from PSN.

@Integral
No I use Amazon to buy my PSN stuff.
http://www.amazon.com/b?ie=UTF8&node=1289533011

@Deozaan Sony said that while personal data such as name, birthday, and address were unencrypted, all the credit card data was encrypted. This makes sense as in order to process credit card transaction on the net, a business must abide by PCI regulations. One requirement is strong encryption of stored card information.

I don't know that I'd be able to convince anyone by explaining the difficulties of decrypting this data, but I personally am more concerned with identity theft than unauthorized card charges.

@nandokun

I'm no security expert, but I asked one of the more well known PS3 hackers about it and he said (basically) that the encryption keys/program were also probably on Sony's servers. Or else how could Sony even access the information?

So basically, if our credit card details were stolen, there's a good chance the method Sony uses to decrypt them were also stolen.

See: http://twitter.com/#!/KaKaRoToKS/status/63133620998635520
and http://twitter.com/#!/KaKaRoToKS/status/63134921622962176
for his explanation.

Just like most of the things congress does, this will do more harm than good.

Sony's Response: Der tirrk er servers!

What we should be asking is why won't Sony release its birth-certificate?

@SmashZilla
Because Sony was born in Kenya.

@mcnichoj Wrong. They obviously come from Nigeria.

@SmashZilla

Does it matter? It will be a fake certificate anyway.

@SmashZilla

I thought this had been settled? Sony was born in Hawaii people!

@SmashZilla
It is obvious that Sony is from the planet Reach.

| 1 | 2 | Most Recent | Next 50 Comments

Congress sends inquiry to Sony about PSN security breach

Reader Comments (94)

Posted: Apr 30th 2011 7:02PM mcnichoj said

Posted: Apr 30th 2011 7:10PM wocyob said

Posted: Apr 30th 2011 7:39PM Silent Intent said

Posted: Apr 30th 2011 8:02PM Zippy Zapp said

Posted: Apr 30th 2011 8:10PM onan said

Posted: Apr 30th 2011 8:24PM The angry pro consumer gaming ga said

Posted: Apr 30th 2011 8:28PM DigitalEmporer said

Posted: Apr 30th 2011 8:31PM The angry pro consumer gaming ga said

Posted: Apr 30th 2011 8:37PM onan said

Posted: Apr 30th 2011 8:40PM brightbonewhite said

Posted: Apr 30th 2011 8:50PM The angry pro consumer gaming ga said

Posted: Apr 30th 2011 8:52PM onan said

Posted: Apr 30th 2011 8:57PM The angry pro consumer gaming ga said

Posted: Apr 30th 2011 9:15PM xJimmeh said

Posted: Apr 30th 2011 9:28PM Steppencat said

Posted: Apr 30th 2011 9:35PM FreekyWiggle said

Posted: Apr 30th 2011 10:10PM FreakSheet said

Posted: Apr 30th 2011 7:04PM Special Agent Steve said

Posted: Apr 30th 2011 7:04PM Fakeassname said

Posted: Apr 30th 2011 7:37PM Ezio Auditore da Firenze said

Posted: Apr 30th 2011 7:09PM PSN StaticShock said

Posted: Apr 30th 2011 7:30PM PointlessPuppies said

Posted: Apr 30th 2011 7:51PM Banksyliveraa said

Posted: Apr 30th 2011 7:55PM Leon Trotsky TDA said

Posted: May 1st 2011 1:36AM PointlessPuppies said

Posted: Apr 30th 2011 7:09PM shinjix2 said

Posted: Apr 30th 2011 7:20PM Bootes said

Posted: Apr 30th 2011 7:41PM Integral said

Posted: Apr 30th 2011 10:18PM Nexum said

Posted: Apr 30th 2011 10:41PM Raffi256 said

Posted: May 1st 2011 11:38AM nandokun said

Posted: Apr 30th 2011 7:11PM Deozaan said

Posted: Apr 30th 2011 7:34PM PointlessPuppies said

Posted: Apr 30th 2011 7:43PM Integral said

Posted: Apr 30th 2011 8:04PM Jacksons said

Posted: Apr 30th 2011 9:00PM PSYCHOxKING said

Posted: Apr 30th 2011 9:04PM The angry pro consumer gaming ga said

Posted: Apr 30th 2011 9:05PM Troy Powers said

Posted: Apr 30th 2011 9:38PM Deozaan said

Posted: May 1st 2011 12:16AM The Aquacharger said

Posted: May 1st 2011 11:50AM nandokun said

Posted: May 2nd 2011 6:36PM Deozaan said

Posted: Apr 30th 2011 7:12PM Frozen Radiator said

Posted: Apr 30th 2011 7:14PM pibs said

Posted: Apr 30th 2011 7:15PM SmashZilla said

Posted: Apr 30th 2011 7:29PM mcnichoj said

Posted: Apr 30th 2011 7:42PM Silent Intent said

Posted: Apr 30th 2011 7:50PM CaptainProtonX said

Posted: Apr 30th 2011 7:58PM philmcfail said

Posted: Apr 30th 2011 9:16PM serge808 said

Info

Description

MSRP

Release Date

Genre

Developer

Publisher

Rating

Breaking News

WB conjures up Harry Potter for Kinect this fall

Featured Stories

Weekly Webcomic Wrapup is a stranger in a strange land

Silver Lining: I Am Alive's unfeeling world

Game Of Thrones and the paradoxes of adaptation

Engadget

TUAW

Massively

WoW