Sony Corp. said it contacted the U.S. Federal Bureau of Investigation and took action to protect its websites after intrusions by a group of hackers.
“We have confirmed that a breach has occurred and have taken action to protect against further intrusion,” Michael Lynton, chairman of Sony Pictures Entertainment, said in a statement. “We also retained a respected team of experts to conduct the forensic analysis of the attack.”
A group calling itself LulzSec posted statements online saying it broke into SonyPictures.com and downloaded unencrypted personal information, including passwords, e-mail addresses and dates of birth from 1 million user accounts.
The attack was the latest on Tokyo-based Sony, which in the past two months said more than 100 million accounts were compromised after hackers broke into its networks. Sony, which two days ago resumed full operation of the PlayStation Network in the U.S. and Europe after six weeks of suspension, said last month the intrusions will cost about 14 billion yen ($173 million) this fiscal year.
“My biggest concern is whether the expense related to unauthorized accesses will stay within 14 billion yen,” Tsunenori Ohmaki, an analyst at Tachibana Securities Co. in Tokyo, said yesterday. Online businesses have become more important to Sony as its main TV unit probably won’t contribute to earnings in the near future, he said.
LulzSec, which described the attack only as recent, posted customer information online from what appeared to be sweepstakes and loyalty-program databases, including one tied to the long-running soap opera “The Young and the Restless.” The group also took information from Sony music operations in Belgium and the Netherlands, it said.
“It’s just a matter of taking it,” LulzSec said in its statement. “This is disgraceful and insecure; they were asking for it.”
Sony fell 0.6 percent to close at 2,129 yen in Tokyo trading yesterday, extending its loss this year to 27 percent. The Nikkei-225 Stock Average has lost 7.2 percent this year.
The maker of Bravia televisions and Walkman music players has been facing series of intrusions to its online entertainment services, forcing an April 20 shutdown of the Qriocity and PlayStation Network services. Sony also halted some Internet services in Canada, Thailand and Indonesia last month after detecting unauthorized accesses.
Intruders stole the names and e-mail addresses of about 2,000 customers at Sony Ericsson Mobile Communications AB’s Canadian website, while a site in Thailand may have been modified to help send fraudulent e-mails, Sony said last month. The company also suspended a site in Indonesia because of a suspected attack and found Web codes for the Japanese music unit were stolen.
At Sony Music Entertainment (Japan) Inc., hackers have stolen programming code related to artists’ sites, Yoshikazu Takahashi, a spokesman at the unit, said last month.
Tim Schaaff, president of Sony Network Entertainment International, appeared before a congressional panel June 2 to defend the company’s response to the April data breach.
Sony restored the PlayStation Network in all markets except Japan, Hong Kong and South Korea on June 2. Users of its Qriocity entertainment services will be able to download music with the resumption, while video on demand will remain suspended until further notice, it said.
Sony increased the number of firewalls between servers and added software to monitor intrusions and system vulnerabilities before resuming the services.