The news conference the world has been waiting for opened with Kazuo Hirai sitting at the center of a long white table, with Senior Vice President Shinji Hasejimo to his left and Shiro Kambe to his right. Hirai started out by offering his "sincerest apologies" for worrying PlayStation Network users over the compromised data, in regards to both user data and credit card information, of the some 78 million user accounts created. Hirai then proceeded to lay out the following timeline for their official account of the situation.
Sony was first alerted of unusual activity on their servers starting April 19th. Immediately, they began investigation exactly what was happening. The following day, April 20th, Sony temporarily shut down all of their servers to minimize the risk of compromised data and also so that they could more effectively investigate the manner. Sony then proceeded to contact two separate US firms to mirror their servers and take a look around to see what they could find. April 26th, Sony sent out an email to all register users of the PlayStation network confirming their worst fears, user data had been taken. Information lost included users' name, address, email, date of birth, gender, and PlayStation Network login & password. Sony then again insisted that there was no evidence found that credit card information has been compromised; however, they still will not rule that out as a possibility. They have, however, confirmed that no security codes have been leaked, which seems to indicate this forum post claiming they had a full database of credit card information was just a lie. There also have been no confirmed cases of credit card fraud; however there have been a few reports around the web of various suspected cases. Hirai also wanted to inform all PlayStation Network users that monitoring their security is their #1 priority and that they are working with the FBI and will share any additional information as soon as it becomes available.
At this point, SVP Shinji Hasejimo took the mike to explain the structure of their network and explain how they believe the hackers gained access. The web app server seems to be the culprit, and after receiving access there, they granted themselves unauthorized access rights to the database server and from there were easily able to obtain credit card information. In response, Sony is planning to implement new security measures. Their data servers will now be moving to a new location which has enhanced automated software to detect unauthorized intrusion. It also will have additional firewalls and enhanced encryption on all servers. Sony will also be creating a new position, the "Chief Information Security Officer" who will oversee the whole switchover.
After all of these enhancements are completed, Sony will begin incrementally restarting service. Within one week, Sony expects to fully restore online gameplay, downloadable movies, movie rentals, PlayStation Home, and Game Chat functions on both the PSP and PlayStation 3. Everything else should follow incrementally to have the whole services completely restored within the month. Once signed in, all PlayStation Network users will be forced to change their password immediately. To increase security, this can only be done either on the same PS3 the account was originally created or through verified email confirmation. Despite their insistence that there is no evidence credit card information has been released, Sony is encouraging users to check their account statements and purchase history for any unauthorized purchases. Additionally, users should aggressively monitor their credit card statements to find any unusual activity. Sony also suggests that users change passwords to all user account on other services or websites that have the same user name and password as their PlayStation Network account.
If you're planning on canceling your credit card, Sony has agreed to cover the cost of any reissued cards should there be a fee. They will also assist any interested user in getting identity theft protection in their country. To compensate for the downtime, Sony will be releasing select free content to all PlayStation Network Users. Each user will also be offered a free 30-day subscription to PlayStation Plus. Current subscribers to PlayStation Plus and/or Sony's unlimited music subscription service will also be given 30 days of service for free.
Moving forward, Sony plans to "strengthen and learn from these incidents" to further enhance security across the board. They also plan to work with law enforcement around the world to crack down on illegal intrusion to electronic services. When asked in a Q&A session after the conference, Sony said that at this time, they haven't been even been able to scrutinize the estimated effects it will have on the company. They also said that there is no evidence linking earlier attacks on their server to the current data leak.