In a letter sent to the subcommittee--which can beviewed in its entirety here--Sony Computer Entertainment America chairman and Sony Corp. executive vice president Kaz Hirai offered a detailed timeline of the aforementioned attack. The saga began at 4:15 p.m. PDT on April 19, when employees of Sony Network Entertainment America, which took over PSN operations in March, noticed that "certain systems were rebooting when they were not scheduled to do so."
The following day, SNEA noticed "evidence that indicated an unauthorized intrusion had occurred and that data of some kind had been transferred off the PlayStation Network servers without authorization." However, SNEA couldn't determine exactly what type of information had been taken, so it then took down the PSN as a precaution.
Also on April 20, Sony called in an external computer forensics firm to look into the incident. To complete the investigation, the firm had to mirror all the servers that had been hacked, which was a time-intensive process. The investigation grew even more complex once the full extent of the attack became clear, causing Sony to enlist a second computer security company to help in the investigation on April 21.
It took until the afternoon of April 22 for the two firms to complete the mirroring of nine of the 10 servers that had been compromised. It then took until the following evening (April 23) for the two companies to confirm that "intruders had used very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside servers." The intruders deleted log files to cover their tracks, Sony said.
By April 24--Easter Sunday--Sony said it had realized it was dealing with a "sophisticated hacker" and called in a third outside firm to "determine the scope of the data theft." By Monday, April 25, all three teams could confirm the scale of the personal data that had been stolen, but couldn't say definitively whether or not credit card information had been taken as well.
Of the 77 million, some 12.3 million account holders had credit card information on file, with 5.6 million being in the US. (Those numbers include active and expired credit card accounts.) Luckily, Hirai said that, to date, "the major credit card companies have not reported that they have seen any increase in the number of fraudulent credit card transactions as a result of the attack." Last week, Wells Fargo, American Express, and MasterCard gave a similar account to the press.
The good news is that Hirai said that Sony now believes it has indentified the cause of the breach. However, the company does not want to make the information public out of security concerns. It has, however, taken a variety of steps to beef up security, including moving its servers to a new facility, adding additional firewalls, enhancing data encryption and protection, and increasing automated software monitoring.