Timeline of Sony data theft

Sony's Kaz Hirai has issued a letter in response to an inquiry from the US House Subcommittee on Commerce, Manufacturing, and Trade. It outlined several new details regarding how events unfolded after the data theft. We've combed through that information and Sony's prior communications on the matter to piece together this timeline of the cyber-attack that stole data from the PlayStation Network and other Sony online services.

  • April 4 (Monday) - Hacker group Anonymous targets Sony for denial of service attacks, in retaliation for Sony legal action against George Hotz (aka "GeoHot") and Graf_Chokolo

  • April 7 (Thursday) - Anonymous halts attacks, apologizes for inconveniencing users, and acknowledges diverse points of view within hacker group

  • April 17-19 (Sunday-Tuesday) - PlayStation Network and Sony Online Entertainment hacked, user data stolen

  • April 19 (Tuesday, 4:15 pm PDT) - Sony Network Entertainment America network team notices unauthorized activity due to unscheduled server reboots; team begins running logs to analyze data

  • April 20 (Wednesday, early afternoon) - Sony forms larger team to assist the investigation; network team discovers unauthorized intrusion and that unknown data had been transferred from the PlayStation Network; network team shuts down PSN; Sony retains a security and forensic consulting firm to assist in the investigation; Sony begins mirroring suspected servers

  • April 21 (Thursday) - Sony retains a second security and forensic consulting firm; Sony issues a statement suggesting the network could be down for "a day or two"

  • April 22 (Friday) - Sony Computer Entertainment America general counsel provides FBI with information about the intrusion; network team finishes mirroring 9 of the 10 suspected servers; Sony issues a statement admitting an "external intrusion"

  • April 23 (Saturday) - Network teams determine that sophisticated hackers deleted log files to hide activity within the network; Sony issues a statement regarding re-building the network infrastructure for better security

  • April 24 (Sunday) - Sony decides to retain a third forensic team to help determine the scope of the breach

  • April 25 (Monday) - Forensic teams are able to determine that user data had been stolen, but could not rule out whether credit card information had been accessed

  • April 26 (Tuesday) - Sony notifies public of data intrusion; Sony also notifies regulatory authorities in New Jersey, Maryland, and New Hampshire;

  • April 27 (Wednesday) - Sony meets with FBI regarding data intrusion; Sony notifies the regulatory authorities in Hawaii, Louisiana, Maine, Massachusetts, Missouri, New York, North Carolina, South Carolina, and Puerto Rico; Sony tells SOE users that their databases and servers are kept separate, and therefore safe

  • April 28 (Thursday) - Hacker groups claim to be selling credit card data; security analysts confirm the discussions are taking place, but cannot confirm the legitimacy of the list; one hacker claims to have tried selling to Sony, but Sony denies any knowledge of such a sale

  • April 30 (Saturday) - Sony holds a press conference in Tokyo, apologizing for the data theft and detailing the PSN Welcome Back program; Sony says that some services will resume in the coming week

  • May 1 (Sunday, afternoon) - Sony detects intrusion into Sony Online Entertainment, including a file titled "Anonymous" that reads "We are Legion"

  • May 2 (Monday, morning) Sony Online Entertainment servers taken offline, with a brief statement, "we have discovered an issue that warrants enough concern for us to take the service down effective immediately."

  • May 2 (Monday) - Sony receives Congressional inquiry; Sony issues a statement that 12,700 credit cards and 24.6 million accounts were compromised in SOE data theft

  • May 4 (Wednesday) - Sony's Kaz Hirai responds to Congressional inquiry, implicating Anonymous Group

As of the time of writing, both PlayStation Network and Sony Online Entertainment are still offline.