THE United States, Britain, Australia and Hong Kong are investigating the hacking and theft of personal data from Sony’s PlayStation Network, which has 77 million users worldwide.
The PlayStation Network and Qriocity streaming music service were shut down on April 20 after what Sony described as an “external intrusion” and remain offline as the company upgrades security and works with Federal investigators.
A US House of Representatives panel sent a letter yesterday to Sony chairman Kazuo Hirai with questions on the data breach.
“Sony’s statement describes information illegally obtained to include account information as well as potentially profile information,” said the letter from a panel of the House Committee on Energy and Commerce, which was posted on the Internet.
“Given the amount and nature of personal information known to have been taken, the potential harm that could be caused if credit card information was also taken would be quite significant.”
The committee, which has scheduled a hearing on May 4 to discuss data theft issues, also asked Sony to explain why it believes credit card information was not taken despite being unable to determine the exact scale of the theft.
The Japanese electronics giant has said users’ credit card data was encrypted but could not rule out the possibility that card data was obtained by hackers.
In Britain, the Information Commissioner’s Office said it had contacted Sony and will make “further enquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken.”
Australia’s Privacy Commissioner Timothy Pilgrim also said he had launched an investigation.
“We’re seeing more and more now information being held globally, and it’s more incumbent upon organisations to make sure they do have strong security systems in place to protect that information,” he told broadcaster ABC earlier this week.
Hong Kong Privacy Commissioner Allan Chiang said he was probing the breach and met with local Sony official Katsuhiko Murase who told him 400,000 Hong Kong PlayStation Network user accounts were involved.
He said Murase told him the account information compromised includes the name, address, country, email address, birthdate, PSN password and login, and PSN online ID of users but there was no evidence that credit card data was taken.
Sony is being sued in a US court by gamers who have accused the company of being negligent and breaching its contracts with PlayStation Network users.
The company has not indicated whether it has identified a culprit in the intrusion.
Internet vigilante group Anonymous had vowed retribution against Sony for taking legal action against hackers who cracked PS3 defences to change console operating software.
Sony has sold about 48 million PS3 consoles worldwide since they hit the market in November of 2006.