Sony Corp. (6758) Chairman Howard Stringer apologized and offered U.S. users of its PlayStation Network and Qriocity online services a year of free identity-theft protection after the system was crippled by hackers.
Japan’s biggest consumer-electronics exporter will offer a $1 million insurance policy per user, covering legal expenses, identity-restoration costs and lost wages that occur after data is stolen, Sony said in a blog post. Austin, Texas-based Debix Inc. was hired to provide the monitoring service and similar programs for customers other countries are being considered.
The announcement follows last month’s hacking of Sony’s online entertainment and games platforms when the Tokyo-based company was criticized by U.S. lawmakers for not informing users of the breach quick enough.
“I welcome Sony’s strong first step toward protecting millions of consumers whose personal and financial information has been compromised,” U.S. Senator Richard Blumenthal, a Democrat from Connecticut, said in a statement.
The shares fell to their lowest in a week in Tokyo today after Sony increased the total number of accounts that were comprised to 101.6 million.
“This is an unprecedented case of information theft in terms of the number of accounts involved,” said Nobuo Kurahashi, an analyst at Mizuho Financial Group Inc. in Tokyo. “There are lots of uncertainties including lawsuits, making it difficult to estimate the company’s overall expense.”
U.S. subscribers have until June 18 to sign up for Debix’s AllClear ID Plus protection program, said Patrick Seybold, a Sony spokesman for the video-games unit.
Sony didn’t say whether the program will cover identity theft that isn’t related to the mid-April breach of the PlayStation and Qriocity networks, which affected 77 million accounts. Some 24.6 million users of the Sony Online Entertainment platform were also affected, the company said.
“I know this is a frustrating time for all of you,” Chief Executive Officer Stringer said in the blog post. “Let me assure you that the resources of this company have been focused on investigating the entire nature and impact of the cyber attack we’ve all experienced and on fixing it.”
Kazuo Hirai, Sony’s executive deputy president in charge of consumer products and network services, apologized May 1 for the breach and said the company aims to restore the online gaming center by the end of the month after upgrading security. Hirai and two other officials bowed in apology at a press conference in Tokyo, and said Sony can’t rule out credit card numbers and expiry dates having been stolen. The company is cooperating with authorities, including the Federal Bureau of Investigation.
Sony fell 2.3 percent to 2,262 yen at the close of trading in Tokyo, the lowest level since April 28. The shares have slumped 23 percent this year.
The console maker has faced a legal and political backlash over delays in the time it took to warn customers their accounts had been compromised. Users were alerted of the breach April 27, six days after the shutdown of the movie and music-streaming services. The company hired technical experts to find out the problem.
“I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process,” Stringer wrote. “Hackers, after all, do their best to cover their tracks. It took some time for our experts to find those tracks and begin to identify what personal information had, or had not, been taken.”
Sony said on May 2 that the April attack also gave hackers access to data from Sony Online Entertainment, which offers role-playing games. That exposed 23,400 credit-card and debit records from non-U.S. customers, and the personal account information of 24.6 million account holders.
The inventor of Walkman music players was subpoenaed by New York Attorney General Eric Schneiderman over the data braches, a person familiar with the probe said.
In a letter to U.S. lawmakers, the company said while looking into the Sony Online Entertainment breach, it discovered that intruders had “planted a file on one of those servers named ‘Anonymous,’ with the words, ‘We are Legion.’”
The company noted that weeks earlier, several Sony divisions had been the “target of a large-scale, coordinated denial-of-service attack” by Anonymous, a hacker-activist group.
Sony was singled out in a statement by ‘Anonymous’ after the company sued George Hotz, a 21-year-old hacker who publicized instructions for playing unauthorized games on the PlayStation console.
Legal and technology costs are likely to increase because of the incident, further hurting Sony’s credit profile, Moody’s Japan K.K. said in a statement May 2. Sony has an A3 rating at Moody’s with a ‘stable’ outlook.
“We are absolutely dedicated to restoring full and safe service as soon as possible and rewarding you for your patience,” wrote Stringer. “We will settle for nothing less.”
To contact the reporters on this story: Cliff Edwards in San Francisco at firstname.lastname@example.org; Mariko Yasu in Tokyo at email@example.com
To contact the editors responsible for this story: Anthony Palazzo at firstname.lastname@example.org; Young-Sam Cho at email@example.com