Computerworld reports that Sony has issued an apology for a "very sophisticated" intrusion of its PlayStation Network that exposed the personal information of 77 million users. The article quotes Kaz Hirai, head of Sony's gaming division, as saying:
We'd like to extend our apologies to the many PlayStation Network and Qriocity users who we worried ... We potentially compromised their customer data. We offer our sincerest apologies.
Help your users understand what to do if their personal information has been compromised.
Shinji Hasejima, Sony's chief information officer, says an application server that sits behind a Web server and two firewalls on Sony's network was used to launch the attack. The initial attack, which was not flagged because it was disguised as a purchase, exploited a known vulnerability in the application server. Software was planted that was used to access the database server that sat behind the third firewall.
According to USA Today, Sony will begin a "phased restoration" of the PlayStation Network this week. Meanwhile, reports The Wall Street Journal, two U.S. congressmen want Sony to answer questions about the breach, including when Sony first learned of the recent breach, why it waited days to notify its customers and how Sony intends to prevent further breaches in the future.