Sony isn't in the clear by any means, despite finally having a plan in place for PSN and Qriosity recovery following what we now understand was a serious case of identify theft which forced the company to take both services offline for over two weeks and counting. For starters, Sony is going to need to answer some questions over how this mess (which will affect millions of PSN users) managed to occur, not to mention the quality and timeliness of the company's response to customers.
Today Sony Computer Entertainment America chairman Kaz Hirai has presented an official response to the list of questions delivered by the U.S. House of Representatives' Subcommittee on Commerce, Manufacturing and Trade earlier this week. The answers highlight the nature and potential extent of the "very professional, highly sophisticated criminal cyber attack" which Sony faced, which resulted the theft of account details for millions of PSN users.
The main culprit which Sony is blaming at this point? You probably guessed it since the very start of this mess, it's the "hackivist" collective "Anonymous" of 4chan fame/infamy. The evidence lay in a file planted on one of the Sony Online Entertainment servers (now also a victim of hack attacks) conveniently labelled "Anonymous" and bearing the message "We are Legion". Sony will have to uncover the truth behind this, so they still have some investigating to do if they want to identify the individuals responsible.
While Sony concedes they are not ruling out the possibility of credit card numbers (and their expiry dates) being stolen alongside the PSN account info, the company maintains in its response to the subcommittee that major credit card companies still haven't reported any fraudulent transactions resulting from the cyber attack on PSN.
Sony also reiterates its pledge to step up its online security game for all its network services, and the company will also be bringing in a new Chief Information Security Officer to oversee its online networks.