Sony has apologised and admitted that it is creating a chief information security officer (CISO) position after last week's hack.
Some reports suggested that up to ten million people could be affected, rather than the initial 77 million. Sony executives apologised at the weekend for the hack with Sony Computer Entertainment president, Kazuo Hirai, and executives Shiro Kambe and Shinji Hasejima apologising for the theft of personal data from users of the company's PlayStation Network and Qriocity online services.
According to the Guardian, Hirai said that Sony deeply apologised for 'causing great unease and trouble to our users' and said that the FBI and other authorities had been contacted to start an investigation into what the company called 'a criminal cyber attack' at Sony's data centre in San Diego, California.
Hirai said that parts of the service would be back this week and that Sony would now beef up security, admitting that not enough precautions were taken. The report also claimed that Sony is now planning a 'Welcome Back' package, offering complimentary downloads and 30 days of free service around the world.
"I see my work as first making sure Sony can regain the trust from our users," said Hirai.
However according to Reuters, Sony has said that compensation would only be paid if users actually suffered damage. It has not confirmed the theft of credit card details and has only confirmed the theft of names and addresses.
In a separate statement, Hirai said: “This criminal act against our network had a significant impact not only on our consumers but our entire industry. These illegal attacks obviously highlight the widespread problem with cyber security.
“In addition, the organisation has worked around the clock to bring these services back online and are doing so only after we had verified increased levels of security across our networks."
Chester Wisniewski, senior security advisor at Sophos Canada, said: “Whether Sony's bad practices are an act of hubris or simply gross incompetence is hard to discern. Let's hope for the sake of Sony's customers and the poor souls in their public relations department that this is the last disclosure they will need to make related to this incident.
“It is important to remember that Sony is a victim as well, not just the 101.5 million customers whose personal information have been disclosed. Malicious attacks like this are a serious crime, it is just unfortunate that Sony had not taken a few preventative measures to be sure our information was safe.”