* Sony taps Data Forte, Guidance Software, Protiviti
* Mastercard, Visa might have helped pick investigators (Adds Senator Blumenthal comments)
By Jim Finkle and Liana B. Baker
BOSTON/NEW YORK, May 3 (Reuters) - Sony has hired outside investigators to help clean its networks and catch the people behind a massive breach that exposed the personal data of more than 100 million video game users.
The Japanese electronics giant has retained a team from privately held Data Forte that is led by a former special agent with the U.S. Naval Criminal Investigative Service to work alongside the FBI agents, who are also probing the matter.
Sony (6758.T) (SNE.N) said on Tuesday that it has also brought on cyber-security detectives from Guidance Software GUID.O and consultants from Robert Half International Inc’s (RHI.N) subsidiary Protiviti to help with the clean-up.
Officials with Sony and the three firms did not respond to requests for information about the investigation. Agents with the U.S. Federal Bureau of Investigation have said little about the matter, except that they are looking into the breach of data, which might include some credit card numbers.
Connecticut Senator Richard Blumenthal, in a letter to Sony on Tuesday, asked the company to clarify the number of compromised credit card accounts and requested a detailed timeline outlining what the company knew about what was stolen and when it was known.
Blumenthal said he would ask U.S. Attorney General Eric Holder to investigate the matter and check whether Sony’s subsequent handling of the breach would make it civilly or criminally liable.
“I would appreciate a direct and public answer detailing what the company will do in the future to protect its consumers against breaches of their personal and financial information,” Blumenthal wrote.
“It’s a significant operation,” said David Baker, vice president of services with electronic security firm IOActive, which is not involved in the investigation.
Sony also said that it hired the law firm Baker & McKenzie to help it with the investigation.
On Monday, Sony said its PC games network had also been exposed to hackers, in an incident related to the massive break-in of its separate PlayStation video game network that led to the theft of data from 77 million user accounts. Sony revealed that attack last week. [ID:nL3E7G30CH]
The PlayStation network lets video game console owners download games and play against friends. The Sony Online Entertainment network, the victim of the latest break-in, hosts games such as “EverQuest” and “Free Realms,” which are played over the Internet.
Sony said late on Monday that the names, addresses, emails, birth dates, phone numbers and other information from 24.6 million PC games accounts may have been stolen from its servers as well as an “outdated database” from 2007.
A Toronto law firm on Tuesday launched a C$1 billion ($1.05 billion) proposed class-action suit against Sony for breach of privacy, naming a 21-year-old PlayStation user from Mississauga, Ontario, as lead plaintiff. The damages would cover the cost of credit monitoring services and fraud insurance for two years, the firm, McPhadden Samac Tuovi LLP, said in a statement. (Additional reporting by Frank McGurty in Toronto and Siddharth Cavale in Bangalore; Editing by Steve Orlofsky)