In a written letter to congress, SCE president Kazuo Hirai revealed that the platform holder had fallen subject to a "very carefully planned, very professional, highly sophisticated criminal cyber attack".
Sony added that it had found a text-file named "Anonymous" on one of Sony Online Entertainment's servers. The text-file included the statement "We are legion" — the group's catchphrase. Regardless of group associations, Sony said it had yet to track down the individuals responsible.
Representatives for the hacking group had previously stated that they had no involvement with the attacks, despite launching OpSony — an initiative designed to hurt Sony for its treatment of GeoHot — a few weeks prior. The hacking group did ultimately admit that due to the span of the group, it could not stop a rogue entity from launching an attack of this kind.
Sony reassured Congress that it still had not found any evidence of any credit card theft on the PlayStation Network servers, and that credit card companies had not flagged any fraudulent transactions as a direct result of the attacks. It seems, this attack was designed to hurt Sony's public image as hard as possible.
Sony also revealed that it now understands how the breach occurred, but declined to offer further information for fear of other companies with similar networks being attacked.
"We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer," Sony reiterated.
The company also outlined its plans of a "Welcome Back" reward to compensate customers, including a selection of PlayStation Network content and a free 30-day subscription to Sony's PlayStation Plus premium service. Sony added that current subscribers would receive an additional day to their subscription for every 24-hours the service is offline.