Skip to main content









Donation Heart Ribbon

Sony PlayStation Breach Discovered In San Diego


News that Sony's online gaming network was infiltrated by hackers effects millions of users who may have had their personal and credit card information stolen. The security breach was discovered at Sony's data center in San Diego. KPBS technology reporter Peggy Pico is following the story.

News that Sony's online gaming network was infiltrated by hackers effects millions of users who may have had their personal and credit card information stolen. The security breach was discovered at Sony's data center in San Diego. KPBS technology reporter Peggy Pico is following the story.


Peggy Pico is the science and technology reporter at KPBS.

Read Transcript

This is a rush transcript created by a contractor for KPBS to improve accessibility for the deaf and hard-of-hearing. Please refer to the media file as the formal record of this interview. Opinions expressed by guests during interviews reflect the guest’s individual views and do not necessarily represent those of KPBS staff, members or its sponsors.

CAVANAUGH: I'm Maureen Cavanaugh, and you're listening to These Days on KPBS. This week on line gamers found out there are real risks involved in the virtual world. The Sony PlayStation network announced it was hacked, twice, and users' personal information including credit card numbers were stolen. The security breech was discovered in San Diego. KPBS science and technology reporter, Peggy Pico, has been following this story. Good morning, Peggy.

PICO: Good morning.

CAVANAUGH: Now, this is a huge story, largely over shadowed this week by the killing of Osama bin Laden am tell us what exactly was stolen.

PICO: You're absolutely right of it's a global story that has long range implications that matter to a lot of people. Anybody who uses the Internet could be interested in this. Exactly what was stolen, the credit card information, personal data like names, birth dates, passwords, account numbers, phone numbers, addresses, and that's what's valuable is that personal data am.

MAUREEN CAVANAUGH: Now, what -- whose information are we talking about? You say it has global implications of these customers of Sony's on line network?

PICO: Absolutely. So Sony online entertainment is an internet branch of Sony. Sony. They had 102-million -- 102-million gamers that had their information breached. Now, these are people who play games on line, you sign up for the service, you pay for it. And you play games on line with people from around the world. And it's a huge division of the Internet. There's also people on there, part of the entertainment server who can sign up for exclusive -- other exclusive sites via this network.

CAVANAUGH: Now, what can hackers do with this information? Especially if the credit cards are encrypted?

PICO: Right. And Sony claims the credit cards are encrypted. But the credit cards aren't really the problem. You can cancel a credit card. Here's the situation. The valuable thing is this personal data, the names, the birth dates, the addresses, because cyber criminals typically take them, sell them in bundles, so the more that you have, mess with them, and they can basically steal those peoples' identities and six months from now, a year from now, two years from now, set up fraudulent credit lines. And the person's not gonna expect it, right? Six months from now, a year from now, you're not gonna remember you canceled that credit card. So when I was talking to cyber security officials, they were saying the important thing for these victims is to monitor their credit status, and basically their credit data not just that credit card, maybe for the next couple years.

CAVANAUGH: Wow. I'm speaking with KPBS science and technology reporter, Peggy Pico, we're talking about the huge story that the Sony PlayStation network was hacked into, and users' personal information was stolen. How did the hackers breech the system? Do we know?

PICO: The FBI isn't talking of I've spoken to them at length. And there's basically FBI all throughout the country. And all of, you know, basically similar security systems all throughout the world that are working on this. It's an international crime. Although I've talked to some experts who believe that they actually had to get inside the building at Sony headquarters and find a breech in the system on an unmanned computer. So somehow get access to the information, they used that information to set up a remote location in order to steal the data some mace else 678 but they believe, what I'm hearing, basically is there had to be some initial access to the main computers.

MAUREEN CAVANAUGH: Inside job, in some way. And so the breech was discovered here in San Diego?

PICO: It was. So that's data centers throughout the world that relay and sort of monitor on line data for those companies, obviously they have to sort of get it around the world. So the talk around town is that -- well, this is what happened. The San Diego data center noticed some unusual Internet traffic patterns issue they noticed something's different, something's not going right. And they alerted Sony.

MAUREEN CAVANAUGH: They alerted sonny, and then after they alerted Sony, Sony has come in for some criticism as to what they did after they were alerted. Tell us about that.

PICO: Right. And it's actually -- yeah, we'll talk about this a little bit later. But they actually were being criticized because the first hack situation, the first break in was April 16th, that's when 77 million customers' identities and personal information were taken, then April 17th another nearly 25 million people, customers, were also hacked. But it took Sony two days after both incidences to even notify law enforcement another five days to notify the FBI, and then it took them six days to tell customers. So customers didn't know what was going on. They didn't know. There were six days that their data and personal information and credit card information had been hacked into, and they weren't notified, and they're pretty mad about it.

MAUREEN CAVANAUGH: I can imagine. Sony have an explanation about that?

PICO: Sony says that they wanted to verify what was taken, and basically they were doing their research on it. They did shut down their website so that nobody else could get onto it, and they finally,apologized, and I say finally 'cause that was the -- also court reporter. People were mad that they didn't apologize about it. And that didn't 457 till May 1st.

CAVANAUGH: I see. Are there any leads as to who might be behind this situation?

MAUREEN CAVANAUGH: Well, Sony is blaming an Internet vigilante union called unanimous for, quote, indirectly allowing hackers to access their accounts. Unanimous vehemently denies this. They say we are not part of this. We do not have anything to do with it. And experts say that this is not typical behavior for hackers like unanimous. Hackers like that, vigilantes like that tend to want to make a point. They may want to one up and show that they can hack a system, and they have hacked systems before because they're mad at a company or they want to make a point about a company. They're generally not the ones that steal personal data for sale. So the FBI and others pretty much believe this is a criminal act for sale to get money.

CAVANAUGH: Okay. So that's the hacking part of it. Now we move to the idea of all the people who are mad at Sony about this. I understand that an on line user has filed a class action lawsuit against Sony.

PICO: Right. The first of many to be expected. There was a business student in Toronto Canada who proposed a class action lawsuit for $1 billion to cover the one million Canadians who are suing Sony that their information was breached. And she's been all over the web. She has said in a statement, quote, if you can't trust a huge multinational corporation like Sony to protect your information, who can you trust? It appears to me that Sony focuses more on protecting its games than its PlayStation users. That's sort of what's being echoed around. Also the privacy -- Canada's privacy commissioner is now calling for substantial fines in international companies when they fail to adequately protect son supers from cyber crime.

CAVANAUGH: And briefly, Peggy, what's the status of Sony's on line network now?

PICO: Sony is still shut down. It's been shut down for a couple weeks. They say they're gonna try to get it back on line in the next week, in this coming week, and they say that they have tried, basically, to put in new systems to make sure everything is protected?

CAVANAUGH: Wow. Well, thank you so much Peggy?

PICO: You bet.

CAVANAUGH: Coming up, KPBS film critic Beth Accomando previews the summer movie season.

Want more KPBS news?
Find us on Twitter and Facebook, or subscribe to our newsletters.

To view PDF documents, Download Acrobat Reader.