Two days after Sony announced that a major computer hack had possibly compromised the credit card numbers of tens of millions of customers, a US Senator is demanding a Department of Justice investigation into the matter—and complaining that Sony did not come clean about the breach soon enough.
On Tuesday, Sony said credit card data of PlayStation users may have been stolen in the attack, and announced that it had shut down its PlayStation network, affecting 77 million users.
Although it is not yet clear exactly what data the hackers were able to obtain, analysts said the incident could rank among the biggest cyber-thefts of all time.
Connecticut Democratic Sen. Richard Blumenthal, who pursued white collar criminal and consumer fraud cases as Attorney General of Connecticut before his Senate election last fall, fired off a letter to Sony demanding to know why the company had apparently waited as much as a week to reveal the security breach.
In an interview with CNBC, he said the U.S. government should investigate the entire matter. “There should be an investigation by the Department of Justice, if necessary, as to exactly why and how this very, very serious breach of information compromise of vital confidential data belonging to individuals actually happened,” Blumenthal said.
He implied that he doesn’t believe that Sony is entirely trustworthy on this issue. “Sony says it's doing investigation but there may be a need for more objective outside investigation,” Blumenthal said. “So that we really uncover the truth.”
Blumenthal also said he thinks Sony should offer insurance, credit reporting, and a credit freeze to its customers who have been affected by the attack.
“The time line here is that Sony learned about this breach on, about April 20 that it occurred April 19, but really failed to inform people until April 26,” Blumenthal said. “So that people were not aware of the compromise of their information until April 26—about a week after the intrusion reportedly occurred according to Sony.”
“Bottom line, Sony needs to come clean,” the freshman senator said.
Sony posted a Q&A about the attack on its PlayStation website, which said, in part, “We are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.”
The company said it is enhancing security and strengthening its network infrastructure. And it said it has already begun moving its network infrastructure and data center to a new, more secure location.
On Thursday, the FBI said it had begun looking into the situation.