PSN Outage: Day 10 – FBI, Congress and 22 State Attorneys General Get Involved Drew Wilson | April 30, 2011 It is now day 10 of the infamous Sony PSN (PlayStation Network) outage. Already, 5 countries are involved including the US, UK, a city in China, Australia and Canada. Now, it seems the US has increased its involvement in this outage. The FBI, Congress and 22 State Attorneys General are going to be joining the Department of Homeland Security in this. Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes It’s not difficult to picture Sony’s US headquarters these days – men in black wandering around in small cubicle farms, phones ringing off the hook, politicians pounding on their doors and server rooms mummified in caution tape. As we’ve noted in previous days, government involvement is increasing all over the world, one government even threatening Sony with fines. It seems as though government involvement is only increasing these days. We begin with congress. According to the New York Times, the Subcommittee on Commerce, Manufacturing and Trade has sent a letter to Sony (PDF) demanding answers. They are asking, among other things, when and how they were aware of the breach, when authorities were notified of the breach, why there was a delay in notifying customers, why Sony doesn’t believe credit card information is in the wrong hands, and where does Sony go from here. The letter was signed by Chairman Mary Bono Mack and G.K. Butterfield, a ranking member. It seems that Congress isn’t the only ones getting involved. TGDaily notes that the FBI is also involved in this now: “The FBI is aware of the reports concerning the alleged intrusion into the Sony on line game server and we have been in contact with Sony concerning this matter,” special agent Darrell Foxworth told Kotaku. “We are presently reviewing the available information in an effort to determine the facts and circumstances concerning this alleged criminal activity.” Kotaku also said (Canadian URL) that 22 states are involved at this point: Meanwhile attorneys general from 22 states are demanding answers from Sony over the breach, asking why it took the company so long to alert customers to the attack. That group of state attorneys general are sharing information with one another about their individual inquiries, Susan Kinsman, communications director for the Connecticut Office of the Attorney General told Kotaku. The collection of attorneys general have also contacted the Federal Trade Commission to see if they have launched their own federal investigation, she said. An Attorney General issued a press release (PDF) which contains the following: Sony has confirmed the compromised data may include a wide range of personal information such as user names, addresses, birth dates, e-mail addresses, account login data, and potentially credit card information. In addition to video game playing, Sony’s network can also be used to access other entertainment networks such as Netflix, Facebook and Twitter. In a letter to Sony, Jepsen asked for more details about the extent of the breach, what third-party products may be affected, and the steps the company is currently taking to protect its users. He also expressed concern about whether Sony promptly detected and alerted customers about the breach. “In this era of increasing reliance on technology, it is vitally important that all entities entrusted with nonpublic personal information employ the highest levels of data security,” Jepsen wrote. “I expect Sony to work with and protect any consumers harmed as a result of this breach, and will review Sony’s efforts to protect private information.” Sony first detected an intrusion on April 20 and reported it as a network outage. On Monday, five days after the initial intrusion, Sony analysts confirmed the actual data breach. The company alerted customers Tuesday that their personal data may be at risk. Interestingly enough, the Kotaku article mentioned the possible involvement of the FTC. While it’s possible that the FTC has jurisdiction, apparently, the FTC wouldn’t confirm if they are also investigating. Meanwhile, in Canada, a second privacy commissioner is getting involved. There was already the Privacy Commissioner of Canada that is involved, but now, a Provincial privacy commissioner is getting involved. From Global TV BC: Alberta’s Information and Privacy Commissioner Frank Work is warning Playstation users to be on the lookout for suspicious activity on their accounts after Sony reported that the information of 77 million users worldwide had been compromised by a possible hacker. News of the breach came on Tuesday, when Sony released an online letter to users. “Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address, country, e-mail address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID,” the letter said. It’s extremely difficult to just keep tabs on all the developments. Figuring out who all is involved is quite a task in and of itself – and those are the ones being reported in the media at this time. Who knows who is unofficially involved? This leads to one possible problem, co-ordinating the effort. With so many moving parts now on the scene, how does so many entities stay focused and work with each other on this issue? It’ll be interesting to see how everything stays organized at this point. While some details remain sketchy, we do know now that Sony will be holding a conference to explain what is going on. From NowGamer: The conference, being held tomorrow at 2PM in Japan (5AM UK) will address the recent PSN outage and when Sony expects the PSN to be back up. Sony’s Kaz Hirai will reveal information regarding the PSN hack and subsequent loss of service, as well as detail the systems it is putting in place to resume PlayStation and Qriocity networks. Sony has already announced that it expects some services of PSN to be back up by the 4 May, so hopefully we’ll find out tomorrow just what this means for gamers. Not exactly the Tuesday reboot day that was floating around earlier, but it is merely a day later than expected. Do you think that those who broke in to the network will get caught? Drew Wilson on Twitter: @icecube85 and Google+.