They Knew For Six Days: The PlayStation Network Hack Timeline
Joel Johnson — According to details from Sony themselves in a letter to congressional subcommittee, Sony was aware that data had been removed from their systems six days before warning customers that accounts had been compromised. All dates and times from Sony's missive to Congress.
April 19, 2011. 4:15PM PDT – Sony Network Entertainment America (SNEA) network team detects unauthorized activity in the network of 130 servers. Specifically, machines were "rebooting when not scheduled to do so." Analysis begins.
April 20, 2011. Early Afternoon – SNEA engineers discover evidence of "unauthorized intrusion" and that data had been removed from PlayStation Network servers. PlayStation Network shut down by engineers, taking 77 million registered PlayStation Network and Qriocity accounts offline. Sony retains service of computer security and forensic consulting firm.
April 21, 2011 – Sony retains services of second computer security and forensic consulting firm.
April 22, 2011 – Nine of ten compromised servers are mirrored by Sony and security firms. Sony Computer Entertainment America (SCEA) general counsel provides FBI with information about the intrusion. A meeting with the FBI is scheduled for Wednesday, April 27th, 2011. Sony acknowledges on their blog that their system had an "external intrusion", but mentions nothing about the loss of data and issues no warning to customers
April 23, 2011. Afternoon – Forensic teams confirm that intruders used "very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside the server."
April 24, 2011. Easter Sunday – Sony retains additional forensic team with "highly specialized skills" to "determine the scope of the data theft".
April 25, 2011 – Teams confirm account details compromised, including name, address, country, email, birthdate, PlayStation Network/Qriocity password, login, handle and network ID, but remain unsure if any of the 12.3 million global credit cards stored on the servers were compromised.
April 26, 2011 – Sony Network Entertainment and Sony Computer Entertainment America provide public notice of the intrusion and alert regulatory authorities in New Jersey, Maryland, and New Hampshire.
April 27, 2011 – SCEA alert regulatory authorities in Hawaii, Louisiana, Maine, Massachusetts, Missouri, New York, North Carolina, South Carolina, Virginia, and Puerto Rico.
May 3rd, 2011 – Sony Chairman Kaz Hirai sends letter to Congressional Subcommittee on Commerce, Manufacturing, and Trade explaining details of intrusion.