WASHINGTON – The data breach that hit Sony’s PlayStation Network resulted from a “very carefully planned, very professional, highly sophisticated criminal cyber-attack designed to steal personal and credit card information for illegal purposes,” a Sony executive said.

In a letter to members of the House Commerce Committee released Wednesday, Kazuo Hirai, chairman of Sony Computer Entertainment America LLC, defended the company’s handling of the breach.

Sony first disclosed the attack last week and said it may have compromised credit card data, email addresses and other personal information from 77 million user accounts. On Monday, Sony said data from an additional 24.6 million online gaming accounts also may have been stolen.

The company has shut down the affected systems while it investigates the attacks and beefs up security. Hirai said Sony is working “around the clock to get the systems back up and to make sure all our customers are informed of the data breach and our responses to it.”

Addressing criticism that the company waited too long to inform customers, Hirai said Sony waited until it had a solid understanding and confirmation of the extent of the attack and its implications.

“Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence,” he wrote.

Although Sony began investigating unusual activity on the PlayStation Network on April 19, it did not notify consumers of the breach until April 26.

Hirai’s letter said the company knows who is responsible for the attack and is working with outside security and forensics consultants and the Federal Bureau of Investigation.

Hirai’s letter was in response to an inquiry by the House Commerce Subcommittee on Commerce, Manufacturing and Trade. Sony officials were invited to testify at a subcommittee hearing on data breaches held Wednesday, but did not appear.

One witness, David Vladeck from the Federal Trade Commission, called for legislation that would require companies to implement reasonable data security policies and procedures.