Hackers left Sony a taunting message after they got into more than 24 million user accounts, the company told Congress on Wednesday, while a major data breach at the online marketing firm Epsilon was the result of a single employee's compromised account.
Although representatives from Sony or Epsilon refused to testify at Wednesday's subcommittee hearing, their written responses revealed new details about the attacks.
Hackers stole personal information from more than 100 million customer accounts at Sony. A separate attack hit Epsilon and lawmakers say they want more information from the companies.
Epsilon said it discovered its breach on March 30 when an employee noticed suspicious activity on his or her account. Company investigators found that the employee's credentials had been compromised, according to a letter sent to the House Subcommittee on Commerce, Manufacturing, and Trade on April 18. Epsilon sends e-mails on behalf of a range of corporations, including Citigroup, Walgreens, and Capital One.
When hackers attacked Sony in a breach reported on Monday, they left a file named "Anonymous" with the words "We are legion," according to a letter from the company.
"Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group Anonymous," the letter states. "The attacks were coordinated against Sony as a protest against Sony for exercising its rights in a civil action in the United States Court in San Francisco against a hacker."
Anonymous has released a statement denying any involvement in the latest data breach.
Whoever is responsible, Sony says is was the victim of a "very carefully planned, very professional, highly sophisticated criminal cyberattack."
For more on Wednesday's hearing and congressional reaction, visit our new Tech page.