Connecticut Senator Richard Blumenthal, in a letter to Sony on Tuesday, asked the company to clarify the number of compromised credit card accounts and requested a detailed timeline outlining what the company knew about what was stolen and when it was known.
Blumenthal said he would ask U.S. Attorney General Eric Holder to investigate the matter and check whether Sony’s subsequent handling of the breach would make it civilly or criminally liable.
“I would appreciate a direct and public answer detailing what the company will do in the future to protect its consumers against breaches of their personal and financial information,” Blumenthal wrote.
“It’s a significant operation,” said David Baker, vice president of services with electronic security firm IOActive, which is not involved in the investigation.
He said that card issuers MasterCard and Visa Inc had likely appointed a firm to investigate.
Sony also said that it hired the law firm Baker & McKenzie to help it with the investigation.
On Monday, Sony said its PC games network had also been exposed to hackers, in an incident related to the massive break-in of its separate PlayStation video game network that led to the theft of data from 77 million user accounts. Sony revealed that attack last week.
The PlayStation network lets video game console owners download games and play against friends. The Sony Online Entertainment network, the victim of the latest break-in, hosts games such as “EverQuest” and “Free Realms,” which are played over the Internet.
Sony said late on Monday that the names, addresses, emails, birth dates, phone numbers and other information from 24.6 million PC games accounts may have been stolen from its servers as well as an “outdated database” from 2007.
A Toronto law firm on Tuesday launched a C$1 billion ($1.05 billion) proposed class-action suit against Sony for breach of privacy, naming a 21-year-old PlayStation user from Mississauga, Ontario, as lead plaintiff. The damages would cover the cost of credit monitoring services and fraud insurance for two years, the firm, McPhadden Samac Tuovi LLP, said in a statement.
