Sections

US Senator upset it took Sony “nearly a week” to inform customers over possible information breach

Tuesday, 26th April 2011 22:38 GMT By Stephany Nunneley

It looks as though Sony’s failure to inform customers that their data may have been compromised as early as April 20 has upset a US Senator.

According to the press release via Joystiq, Connecticut Senator Richard Blumenthal “demanding” and answer as to why SCEA is just now informing consumers of the hacker’s breach.

“When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised,” Blumenthal said in a release. “Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach.

“Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised.”

The Senator also sent SCEA president Jack Tretton an email on the matter, which again thanks to Joystiq, we have posted below.

Dear Mr. Tretton:

I am writing regarding a recent data breach of Sony’s PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.

It has been reported that on April 20, 2011, Sony’s PlayStation Network suffered an “external intrusion” and was subsequently disabled. News reports estimate that 50 million to 75 million consumers – many of them children – access the PlayStation Network for video and entertainment. I understand that the PlayStation Network allows users to store credit card information online to facilitate the purchasing of content such as games and movies through the PlayStation Network. A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.

When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.

I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.

PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained. I appreciate your prompt response on this important issue.

Sincerely,

Richard Blumenthal
United States Senate

Batten down the hatches and cover your ass(ets) we reckon.

Get caught up on everything related to the matter here and here.

Latest

17 Comments

  1. Hunam

    Knowing the US Government he’s probably being lobbied by Microsoft to write that letter.

    #1 3 years ago
  2. Stephany Nunneley

    @1 AH HAHAHAHAHAHA!!!!!!!!! :D :D :D

    #2 3 years ago
  3. Alakratt

    Patrick Garratt and VG247 having the time of their lives with this.

    #3 3 years ago
  4. OrbitMonkey

    Thank fuck Obama plays COD on the 360…

    #4 3 years ago
  5. Razor

    @3

    Lay easy on them.

    They don’t get out much, amirite :P

    #5 3 years ago
  6. Razor

    OT, this dude is quite right.

    Why the fuck did it take Sony so long, I don’t understand it. I mean sure you want to conduct investigations, but Jesus, tell people to prepare for the worst case scenario…which it just happens to be.

    #6 3 years ago
  7. Phoenixblight

    @6

    Agreed any hint of intrusion and you should be telling consumers “Hey heads up your personal info may be compromised.”

    #7 3 years ago
  8. Stephany Nunneley

    @5 You have no idea! :D

    #8 3 years ago
  9. Benjo1981

    Totally agree with this dude: Sony needs to explain why they took so long. Informing people earlier could potentially have restricted the damage!

    #9 3 years ago
  10. NightCrawler1970

    The attack was at 4-16-11, someone took $39,99 from my account an EA game… it was credited at 4-18-11 :((

    #10 3 years ago
  11. Ryzilient

    @9 While I agree that we should have gotten info much earlier, you’re going to new to quantify how telling is earlier would have restricted any damage.

    #11 3 years ago
  12. Lloytron

    Sony’s Q&A says it was detected on the 16th. TEN DAYS AGO!

    #12 3 years ago
  13. xino

    it was stupid of them not to tell their customers wtf is going on.

    #13 3 years ago
  14. Kerplunk

    A small bit of legal insight spotted elsewhere:

    “Before everyone gets up in arms about why Sony didn’t reveal this sooner, I actually just handled a matter similar to this for a client.

    Most states have a data breach notification statute that requires a company to notify clients, usually within 45 days, if there has been a breach of sensitive personal information such as credit card # + pin # or social security number…etc.

    However, some states go further and actually bar the release of client notifications UNTIL the company has contacted the state attorney general first.

    So, Sony have have needed to contact certain state attorney generals before they were legally allowed to notify clients that there may have been a data breach.

    That may or may not have been the case here and, in fact, may explain why Sony sent out a cryptic blog post earlier saying that they could not confirm that no information had been breached.”

    #14 3 years ago
  15. Mike W

    Come on guys, the editors are clearly taking advantage of this whole situation just to get hits on this site. Poor journalism is poor journalism, that is what we’re witnessing from this site these last of couple of days.

    #15 3 years ago
  16. THEBEARJOOO

    If This Is TheFirst Surprise Attack On Sony And They Dont Know Wats up Then theyre fucked

    #16 3 years ago
  17. THEBEARJOOO

    If This Is TheFirst Surprise Attack On Sony And They Dont Know Wats up Then theyre fuc* ked

    #17 3 years ago

Comments are now closed on this article.