WASHINGTON – Sony Corp. has informed a U.S. congressional panel that personal information related to all 77 million users of its online services was stolen during a recent data breach involving its popular PlayStation gaming systems.
In a written response dated Tuesday to a question paper from the House of Representatives’ Energy and Commerce Committee, Sony said, “The criminal intruders stole personal information from all of the approximately 77 million PlayStation Network and Qriocity service accounts.”
Sony had earlier said an unauthorized person may have obtained the personal information, including names, addresses, e-mail addresses, birthdates and passwords, from the 77 million accounts by unlawfully accessing the systems.
“We have received so far no confirmed reports of illegal usage of the stolen information,” the Japanese electronics giant said in the answer submitted Wednesday to a subcommittee hearing of the House’s panel.
Sony also said that not every piece of information in the accounts of PlayStation Network service and Qriocity online music and video service users appears to have been stolen.
At the hearing, the House’s Committee criticized Sony for its failure to immediately notify consumers of the data breach incident.
“For me, the single most important question is simply this: Why weren’t Sony’s customers notified sooner of the cyber attack?,” Mary Mack, who chairs the House’s Subcommittee on Commerce Manufacturing and Trade, said in an opening statement.
Mack, a Republican from California, also expressed displeasure with the absence of Sony officials at the hearing despite the panel’s request.
Noting that Sony said it was too busy with its ongoing investigation, Mack said American consumers “deserve some straight answers and I am determined to get them.”
Sony has asked the U.S. Federal Bureau of Investigation to look into the data breach case.
In the written response, Sony said it took time to announce the data breach incident as it “was very concerned that announcing partial or tentative information to customers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence.”
Sony also revealed that the details of some 12.3 million credit cards worldwide may have been accessed.
Sony has suspended its PlayStation Network services since April 20 following the discovery of evidence indicating an unauthorized intrusion into the network systems.