Sony is reported to be considering offering a reward for information leading to the arrest and prosecution of those behind the recent breach of its PlayStation Network (PSN).
The Wall Street Journal's All Things Digital reported today that a bounty is one of several options Sony is considering to try and get information on the hackers responsible for the intrusion.
No final decision has been made yet, and the company could still drop the plan entirely, the report, which quoted unnamed sources, said.
Discussions on the pros and cons of offering a bounty are ongoing and will require approval from Sony's executive team in Japan, the report said.
If the plan does move ahead, Sony will work with the FBI and other international law enforcement authorities to offer the reward, it noted.
The reward apparently is just one of the options Sony is considering as it works with law enforcement to track down the perpetrators.
Sony did not respond to a request for comment on the bounty that it is allegedly considering.
Sony's PlayStation Network has been offline since April 20th following a malicious intrusion. The breach compromised the names, addresses, birth dates, purchase histories, online IDs and in some cases credit card data, of 77 million subscribers to PSN and its Qriocity service, the company said.
Sony disclosed the breach more than six days after it had abruptly shut down PSN. The breach has become a high-profile example of the challenges companies can face when investigating sophisticated cyberattacks.
In a letter to Senator Richard Blumenthal (D-CT) last week, Kazuo Hirai, president and group CEO of Sony Computer Entertainment, offered one of the most detailed timelines of the breach yet.
The letter was sent in response to a demand from Blumenthal seeking more information from Sony on what exactly had happened, and why the company had delayed notifying consumers about the breach.
Hirai said Sony first encountered problems with PSN on April 19, when several of the 130 servers running the network, began unexpectedly rebooting themselves. The unusual activity prompted network engineers from Sony Network Entertainment America to immediately take four servers offline and begin an inspection of the systems.
On April 20, the team recruited more people into its internal investigation team and quickly discovered that an intruder had broken into the network. That same day, investigators discovered that six other servers had also possibly been compromised.
The company hired an external security team to mirror the servers and conduct a forensic analysis of the systems. As the size and scope of the attack began emerging, Sony hired a second forensics team and then a third company to help assist the company with its investigations.
Sign up for Computerworld eNewsletters.