Phased Global Rollout of Services to Begin Regionally;

System Security Enhanced to Provide Greater Protection of Personal Information

Dubai, UAE, May 01, 2011 - Sony Computer Entertainment (SCE) and Sony Network Entertainment International (SNEI, the company) announced they will shortly begin a phased restoration by region of PlayStation Network and Qriocity services, beginning with gaming, music and video services to be turned on. 

The company also announced both a series of immediate steps to enhance security across the network and a new customer appreciation programme to thank its customers for their patience and loyalty.

Following a criminal cyber attack on the company's data centre located in San Diego, California, USA, SNEI quickly turned off PlayStation Network and Qriocity services, engaged multiple expert information security firms over the course of several days, and conducted an extensive audit of the system. 

Since then, the company has implemented a variety of new security measures to provide greater protection of personal information. SNEI and its third party experts have conducted extensive tests to verify the security strength of PlayStation Network and Qriocity services.

With these measures in place, SCE and SNEI plan to start a phased roll-out by region of the services shortly. The initial phase of the roll-out will include, but is not limited to, the following:

  • Restoration of online gameplay across PlayStation 3 and PSP systems, including titles requiring online verification and downloaded games.

  • Access to Q Music Unlimited for PS3/PSP for existing subscribers.

  • Access to account management and password reset.

  • Access to download unexpired movie rentals on PS3, PSP and Media Go.

  • PlayStation Home.

  • Friends List.

  • Chat functionality.

Working closely with several outside security firms, the company has implemented significant security measures to further detect unauthorized activity and provide consumers with greater protection of their personal information.

The company is also creating the position of Chief Information Security Officer, directly reporting to Shinji Hasejima, Chief Information Officer of Sony Corporation, to add a new position of expertise in and accountability for customer data protection, and to supplement existing information security personnel.

The new security measures implemented include, but are not limited to, the following:

  • Added automated software monitoring and configuration management to help defend against new attacks.

  • Enhanced levels of data protection and encryption.

  • Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns.

  • Implementation of additional firewalls.

The company also expedited an already planned move of the system to a new data centre in a different location that has been under construction and development for several months. 

In addition, PS3 will have a forced system software update that will require all registered PlayStation Network users to change their account passwords before being able to sign into the service. As an added layer of security, that password can only be changed on the same PS3 in which that account was activated, or through validated email confirmation, a critical step to help further protect customer data.

The company is conducting a thorough and ongoing investigation and working with law enforcement to track down and prosecute those responsible for the illegal intrusion.

"This criminal act against our network had a significant impact not only on our consumers, but our entire industry," said Kazuo Hirai, Executive Deputy President, Sony Corporation. "These illegal attacks obviously highlight the widespread problem with cyber security. We take the security of our consumers' information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks. Our global audience of PlayStation Network and Qriocity consumers was disrupted. We have learned lessons along the way about the valued relationship with our consumers, and to that end, we will be launching a customer appreciation programme for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services."

Complimentary Offering and "Welcome Back" Appreciation Programme

While there is no evidence at this time that credit card data was taken, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programmes. The implementation will be at a local level and further details will be made available shortly in each region. 

The company will also roll out the PlayStation Network and Qriocity "Welcome Back" programme, to be offered worldwide, which will be tailored to specific markets to provide our consumers with a selection of service options and premium content as an expression of the company's appreciation for their patience, support and continued loyalty.

Central components of the "Welcome Back" programme will include:

  • Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon. 

  • All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service. 

  • Q Music Unlimited subscribers (in countries where the service is available) will receive 30 days free service.

Additional "Welcome Back" entertainment and service offerings will be rolled out over the coming weeks as the company returns the PlayStation Network and Qriocity services to the quality standard users have grown to enjoy and strive to exceed those exceptions. 

SNEI will continue to reinforce and verify security for transactions before resuming the PlayStation Store and other Qriocity operations, scheduled for this month.

For more information about the PlayStation Network and Qriocity services intrusion and restoration, keep an eye on PlayStation.Blog at blog.eu.playstation.com, twitter.com/PlayStationEU and eu.playstation.com for the latest updates.

With respect to potentially all of the PlayStation®Network and Qriocity™  account holders, the following applies for their personal information:

Account holder personal information that was obtained by an unauthorized person:

  • Name

  • Gender

  • Address (city, state, zip)

  • Country

  • Email address

  • Birthdate

  • PlayStation®Network/Qriocity™  password and login

  • Handle/PSN online ID

Account holder personal information that was possibly obtained by an unauthorized person (no evidence that this data was taken, but cannot rule out possibility that it was taken):

  • Profile data, including purchase history and billing address (city, state, zip)

  • PlayStation®Network/Qriocity™  password security answers

  • Credit card number (excluding security code) and expiration date

PlayStation®Network Services Countries / Regions and Accounts

Countries/Regions

Accounts

Countries/Regions

Accounts

Bahrain

26,392

Oman

9,801

Qatar

46,164

Saudi Arabia

651,018

United Arab Emirates

254,820

Kuwait

93,453

Lebanon

21,309

SNEI Security Measures

The following is a list of security measures SNEI is implementing for the PlayStation®Network and Qriocity™ services:

  • Security designed with industry best practices and standards.

  • Secure and industry best practices and standards regarding software development.

  • Implementation of additional firewalls.

  • Moving to a different data center with new equipment and network configurations.

  • Highly controlled and restricted network access.

  • Strong data protection and credit card encryption.

  • Secure monitoring and incidence response systems.

  • Software weakness detection and oversight mechanisms.

  • Formal change management procedures to detect unauthorized changes.

  • Automated software updates to help prevent new types of attacks.

-Ends-

About Sony Corporation
Sony Corporation is a leading manufacturer of audio, video, game, communications, key device and information technology products for the consumer and professional markets. With its music, pictures, computer entertainment and on-line businesses, Sony is uniquely positioned to be the leading electronics and entertainment company in the world.  Sony recorded consolidated annual sales of approximately $78 billion for the fiscal year ended March 31, 2010.  Sony Global Web Site: http://www.sony.net/

About Sony Computer Entertainment Inc.
Recognized as the global leader and company responsible for the progression of consumer-based computer entertainment, Sony Computer Entertainment Inc. (SCEI) manufactures, distributes and markets the PlayStation® game console, the PlayStation®2 computer entertainment system, the PSP® (PlayStation®Portable) handheld entertainment system and the PlayStation®3 (PS3®) system. PlayStation has revolutionized home entertainment by introducing advanced 3D graphic processing, and PlayStation 2 further enhances the PlayStation legacy as the core of home networked entertainment. PSP is a handheld entertainment system that allows users to enjoy 3D games, with high-quality full-motion video, and high-fidelity stereo audio. PS3 is an advanced computer system, incorporating the state-of-the-art Cell processor with super computer like power. SCEI, along with its subsidiary divisions Sony Computer Entertainment America Inc., Sony Computer Entertainment Europe Ltd., and Sony Computer Entertainment Korea Inc. develops, publishes, markets and distributes software, and manages the third party licensing programs for these platforms in the respective markets worldwide. Headquartered in Tokyo, Japan, SCEI is an independent business unit of the Sony Group.

About Sony Gulf FZE
Sony Gulf FZE is a 100% subsidiary of Sony Corporation and is the regional headquarters for the Middle East and Africa regions. The company is engaged in the business of Sony Consumer Electronics, VAIO laptop computers, Computer Peripherals, Data media, Recording Media and Energy (Batteries), Mobile Electronics (Car Audio) and Computer Entertainment products in more than 40 countries in the region. Apart from stock operations in the Jebel Ali Free Zone Establishment in Dubai, Sony Gulf FZE leads execution of various logistics, sales, marketing, advertising and customer services.

© Press Release 2011