Sony clarifies when it knew of data theft

Sony has issued a statement regarding the gap between when it pulled the plug on the PlayStation Network and when it alerted users of the potential data theft. Corporate communications director Patrick Seybold clarifies what the company knew and when, claiming that the investigation didn't yield concrete results until Monday:

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday [Monday] to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon [Tuesday].

It does seem likely that Sony suspected user data theft was a possibility when it pulled the plug last Wednesday, and gamers can draw their own conclusions on whether knowledge of the possibility should have had Sony alerting users earlier. Even given the statement, the company apparently confirmed the data theft on Monday but announced it on Tuesday. Still, Seybold denies that the company sat on the knowledge for a full week.

In a rare spot of good news, Sony's MMO-centric division Sony Online Entertainment has confirmed that it was not a victim of the attack, as its systems and databases are separate.

"We have been conducting a thorough investigation and, to the best of our knowledge, no customer personal information got out to any unauthorized person or persons," SOE director of global community relations Linda Carlson explained.

Sony has also set up a FAQ page regarding the incident. It declines to comment on the frequency of attacks on the PSN or its security measures, and reminds users to be vigilant with common sense identity theft prevention steps. Be wary of e-mails or telephone calls asking for personal information, and if you provided PSN with a credit card, watch your credit statements carefully for signs of fraud.

Sony is expected to resume some PlayStation Network services within a week, and will be promoting games that were meant to come out in the interim. Meanwhile analysts point out that while the financial impact is hard to predict, the company has been hit by a serious issue of consumer trust.