Sony Network Entertainment America detects a unauthorized activity on approximately 130 servers, more specifically, servers were rebooting when not scheduled to, Sony begins to investigate
SNEA engineers discover evidence of an "unauthorized intrusion", data has been removed
SNEA engineers take all PlayStation Network and Qriocity offline, 77+million registered users effected
Sony engages the services of a computer forensics and security consulting firm
Forensic teams confirm that intruders used, "very sophisticated and aggressive techniques to obtain unauthorized access"
and were able to, "hide their presence from system administrators", "escalate privileges inside the server."
Sony retains the services of a 3rd security and forensic team, This time:, A group with "highly specialized skills", Brought in to "determine the scope of the data theft"
PlayStation Network/Qriocity password
5.6 million were from the U.S.
Publicly announce the network intrusion
Alert regulatory authorities in, New Jersey, Maryland, New Hampshire
Alert regulatory authorities in, Hawaii, Louisiana, Maine, Massachusetts, Missouri, New York, North Carolina, South Carolina, Virginia, Puerto Rico
Sends 8 page official letter to Congressional Subcommittee on Commerce, Manufacturing, and Trade, Informs them of the intrusion, explains the lead up to the attack, how it was first detected, the deep impact it is having on the firm
Outlines already imposed heightened security measures including:, adding automated software monitoring, enhanced levels of data protection and encryption, new firewalls, moving the data center to a different location, hiring a new Chief Information Security Officer
Closing statement:, "We ask the Committee to consider as well the connection between data security and the cybercrimes and cyber terrorism that threaten to make the Internet unsafe for consumers and commerce."