Sony’s efforts on PSN breach called “half-hearted, half-baked,” at US Congressional hearing

Wednesday, 4th May 2011 19:40 GMT By Stephany Nunneley

Today, the US House Subcommittee on Commerce, Manufacturing and Trade held a hearing regarding the PSN breach, which was broadcast live via C-SPAN, like most meet-ups between government officials. During the hearing, Representative Mary Bono-Mack, Chairman of the committee, called Sony’s response to the matter “half-hearted” and “half-baked.”

“In Sony’s case, company officials first revealed information about the data breach on their blog,” said Bono-Mack during the hearing (via Industry Gamers). “That’s right. A blog. I hate to pile on, but—in essence—Sony put the burden on consumers to ‘search’ for information, instead of accepting the burden of notifying them. If I have anything to do with it, that kind of half-hearted, half-baked response is not going to fly in the future.

“For me, the single most important question is simply this: Why weren’t Sony’s customers notified sooner of the cyberattack? I fundamentally believe that all consumers have a right to know when their personal information has been compromised, and Sony – as well as all other companies—have an overriding responsibility to alert them… immediately.”

The hearing was set to discuss the risk to consumers from the PSN data breaches, how the current investigation is going, what current industry data security practices consist of and how they can be changed, and what, if anything, can be used technologically to stop breaches like this in the future.

Sony was not the only subject: recent data breaches at Epsilon and ChoicePoint were also discussed during the hearing.

Sony did not take part in the hearing; it stated yesterday that it was still involved in the investigation, but that it planned to comply with the deadline set by the hearing committee for answering all questions posed to it. Its response was posted earlier by Sony via its official PS Blog, and in it the firm blamed hacker group Anonymous for the recent security breach.

According to Sony, it found a file called Anonymous in its system files with the phrase “We Are Legion” attached to it.

“[Sony and Epsilon] must shoulder some of the blame for these stunning thefts, which shake the confidence of everyone who types in a credit card number and hits ‘enter’,” said Bono-Mack. “As Chairman of this Subcommittee, I am deeply troubled by these latest data breaches, and the decision by both Epsilon and Sony not to testify today. This is unacceptable.

“According to Epsilon, the company did not have time to prepare for our hearing—even though its data breach occurred more than a month ago. Sony, meanwhile, says it’s too busy with its ongoing investigation to appear. Well, what about the millions of American consumers who are still twisting in the wind because of these breaches? They deserve some straight answers, and I am determined to get them.”

The need to protect consumers via federal notification laws was also discussed. If drafted and passed, such legislation would require companies under federal law to notify consumers immediately should such a security breach occur again. Currently, such laws vary from state to state, and some states have no law on the matter on the books at all.

Witnesses participating in the hearing included David Vladeck, director of the Federal Trade Commission’s Bureau of Consumer Protection, along with Pablo Martinez, deputy special agent in charge of criminal investigations at the United States Secret Service.

Consumer advocate Justin Brookman and technology and information security expert Eugene Spafford of Purdue University also participated.

52 Comments

  1. Blerk

    I… er… might wait for the edited highlights show.

    #1 3 years ago
  2. Stephany Nunneley

    Yeah, C-SPAN is known for its ability to put people to sleep. It’s a godsend for insomniacs.

    #2 3 years ago
  3. AHA-Lambda

    oh god study for exams or watch this……this is actually really hard to choose D=

    #3 3 years ago
  4. theevilaires

    HAAAAAAAAAAAAA What a joke look at that fossil he doesn’t know anything about this shit. The appropriate action is that we hunt down the hackers and make them pay. There are already steps and preventions set up to combat credit card theft. None of these people sitting in that room has ever purchased anything off PSN LMAO!

    They’re asking questions that should have been well taken care of and set after 9/11…..almost 10 years ago.

    #4 3 years ago
  5. onyxbox

    Video temporarily unavailable.
    Please try again later.

    OMG!!! – They’ve been hacked! :D

    #5 3 years ago
  6. OrbitMonkey

    I’m waiting for the movie. “Sonygate” Directed by Oliver Stone & starring Sean Penn as a crusading congressman, Kevin Spacey as a eeeeeeeevil Sony exec & Matt Damon as a daft Canadian bitch out for justice.

    #6 3 years ago
  7. XDamage

    ZZZZzzzz

    #7 3 years ago
  8. theevilaires

    Why do we have these stupid old fossils representing us! Why aren’t we the gamers there to explain this shit to these old monkeys! There should only be 25-35 year olds sitting in that room finding a solution to this. Not these old fools who don’t even understand the term hacked.

    #8 3 years ago
  9. Dr.Ghettoblaster

    @6, lol but who would play key role Mr. George Hotz? Maybe Seth Green with a fro.

    #9 3 years ago
  10. LOLshock94

    @9 Jesse Eisenberg

    MATT DAMON

    #10 3 years ago
  11. theevilaires

    “where do people go to sue?”

    That’s all these fuckers care about is money. I’m so ashamed of the USA and how we as a people look to kick people while they are down to gain an upper hand in life rather than work together and doing what’s right.

    #11 3 years ago
  12. Tizzo86

    on time warner cable it’s channel 70? right

    #12 3 years ago
  13. theevilaires

    What consumer didn’t know!!!!? Anonymous had been threatening to attack the SONY servers for weeks before this happened! EVERYONE KNEW! The second they said they were down for maintenance it was common sense they were being attacked. Hell two days before it all shut down someone here made a thread in the forum saying the euro and US PS blog was down and asked if it was another attack by anonymous. Why didn’t people brace themselves then!?

    Why isn’t anyone questioning the F.B.I. on their progress on tracking the hackers rather than grilling SONY. Anonymous committed a crime here not SONY. Don’t tell me after weeks of threats you morons think they’re innocent because they put out a vid saying it wasn’t them.

    After the events of 9/11 there was a tape of Osama Bin Laden stating he had no hand in the attacks of 9/11 but he was glad it happened. Did that stop the USA from going after him and ultimately killing him. Did people believe him? NO! They all were victims and they wanted revenge and they got it this week (supposedly).

    SONY-USA
    Consumers-Citizens
    Anonymous-Bin Laden
    Unauthorized Hacking-Terrorism

    #13 3 years ago
  14. JonFE

    @tea:

    Comparing the events of 9/11 where people actually died to a security breach is a bit rich even for you…

    #14 3 years ago
  15. Blerk

    The hackers’ crime was theft. Sony’s crime was negligence.

    #15 3 years ago
  16. Deacon

    …. I fail to see what this hearing achieved.

    But then I’m English and don’t know what a hearing is supposed to be/do.

    I take it it’s just a chat of sorts. Sadly this one did not have biscuits.

    #16 3 years ago
  17. RoarrrUK

    ..or cake :(

    I cancelled my cc’s when I found out about the breach. I shall be using prepaid cards from now on but tbh all I care about now is when on earth the PSN will come back up. How long has it been now?

    I dread to think of the lost revenue, not just for sony but for those selling content through the store.

    #17 3 years ago
  18. theevilaires

    A crime is a crime to me. In some parts of the world they cut your hand off for stealing.

    If Sony’s crime was negligence then so was the consumer because they were warned and threatened by Anonymous too. You had a full month to take your info down if you didn’t feel safe SONY could defend themselves. Since you didn’t you basically took responsibility too. You all mocked Anonymous vids daily too not taking them serious at all.

    Well if I tell you next week I’m going to walk in a place and set off a chain of bombs will you take me serious and warn your friends and co workers or will you say hahahaha what a joke this guy is.

    As soon as Anonymous said the worst was to come for SONY everyone of you should have took it serious and emailed SONY about their online security yet instead you waited until the worst to now claim false accusations that you have been victimized by their negligence.

    As I matured from infant to toddler to child my parents taught me I had to take responsibility for some of my own actions and that they couldn’t tie my shoe every sec it came loose, or that they could wipe my ass every time I took a shit. We all have a certain responsibility to guard our own lives and well being and if you were foolish to put your life in a corporation that only cares about profits then your parents did a bad job teaching you responsibility.

    #18 3 years ago
  19. Blerk

    I have absolutely no idea why you’re tying yourself in knots to try and make Sony out to be blameless, tea.

    They fucked up. Full stop. The end.

    Let them fix it and move on. No amount of pretending it didn’t happen is going to undo what has already been done.

    #19 3 years ago
  20. OlderGamer

    Save your energy Blerk.

    #20 3 years ago
  21. Deacon

    I really wish all this shit had happened to Microsoft.

    #21 3 years ago
  22. daytripper

    @21 why? i wouldn’t, gamers are the real victims in this, missing out on something they really enjoy and invested money in, regardless of company.

    #22 3 years ago
  23. OlderGamer

    I wish it hadn’t happened at all, to anyone.

    #23 3 years ago
  24. Deacon

    I honestly feel really bad for Sony. They were all set for an amazing year and now this whole incident has really tarnished their rep. It isn’t going to just wash away in a couple of weeks either.

    I don’t ever use Live. Even if I could stand the ridiculous amount of noise my 360 makes when running I still wouldn’t use it.

    So yeah. I wish this had happened to MS. Sony could do with a break and MS deserve some payback for years of shitty hardware manufacturing.

    #24 3 years ago
  25. JonFE

    Funny thing is that, according to tea, we are the ones to blame here, because we did not warn Sony that Anonymous was on their case or because we did not wipe our account information soon enough.

    Live and learn, as they say…

    There’s another saying, of course, about excuses and arseholes; surely somebody must have heard of it.

    #25 3 years ago
  26. daytripper

    @24 i feel bad for the gamers, imagine you haven’t got any money and being a playstation owner or a loyal one whatever way you put it, ask them for a couple of bucks to pay off some bills or give a friend his money back he borrowed you. they would tell you to fuck off or laugh. you don’t owe them anything, it’s you who decides to buy their products and that’s it. nothing more. same with microsoft and nintendo.

    i just want this thing to be over, especially before e3 so we can all play games, discuss them and get excited about what’s coming soon.

    #26 3 years ago
  27. ManuOtaku

    #18 A crime is a crime that’s true, but the cut off hand for stealing or a death penalty for that matter on other type of crime is a no no in my book, mostly because the sentences depends on the human factor, therefore is open for mistakes on the human part, and one mistake on a human life or a hand in an innocent person is too much to bear, for me at least, there is not 100% in anything in life therefore with lives or hands involved it shouldn’t be done.

    That is nice now is the consumer fault, not sony, great now the user should dictate the tempo of things not the provider of a service, again the PSN is sony system they need to protect all the info in it, even the information of their users, the personal data and passwords, those were not encrypted at all, sony said this, oh that’s right i should take care of that too, for the record those information is needed to have an account in sony’s system and in order to access it, and in order to play games, now if the user bought the ps3 is easy to assume the user paid for it to play games as a primary reason, so if he/she wants to care of the information because of sony’s own incapability, and according to your opinion, then he/she will not access the PSN then, because of the lack of the information needed to do so, therefore the user lost his money he did pay for the device, how nice, And also keep in mind in order to protect ourselves like you put it, who is going to pay for the cost of the transactions needed to do so, because if you want to close a Credit Card and issue a new one you need to pay a fee, at least here in my country, oh yes right the consumer needs to lose money on that too, again so nice, please don’t continue to comment on this because if these keeps up i need to sell my house and car to pay sony, for my own wrong doings, according with your beliefs of course.

    #27 3 years ago
  28. OrbitMonkey

    Tbh Tea makes a very good point about responsibility. Did I cancel my cc’s when GeoHotz cracked the ps3? Nope. Did I cancel them after the 1st DOS attack? Nope. No I waited till Sony told me the bad news 6 days after they turned off psn, so who’s to blame?

    Sony of course!! You fuckers lied to me!!! Why didn’t you keep me safe?!! RRRRRRRRAAAAAAAAAAAAAGGGGGGGGGEEEEEEEEEE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    #28 3 years ago
  29. NeoSquall

    half-hearted and half-baked? u kidding me?

    does the woman think Sony could send 77 millions of emails while under attack?

    what the fuck is she talking about?

    #29 3 years ago
  30. Razor

    “That’s right. A blog. I hate to pile on, but—in essence—Sony put the burden on consumers to ‘search’ for information, instead of accepting the burden of notifying them.”

    I must have imagined Sony sending out those mass emails then.

    #30 3 years ago
  31. NeoSquall

    @30 She clearly doesn’t have a clue about what the PlayStation Blog is AT ALL.

    #31 3 years ago
  32. Stephany Nunneley

    @30 “I must have imagined Sony sending out those mass emails then.”

    Me too.

    #32 3 years ago
  33. DarkElfa

    TEA, Sony’s dick is so far in your mouth I can’t even see the balls anymore.

    There’s fanboy, then there’s lunatic. Do you own fucking stock?

    I love how it’s the consumer’s fault now. Everyone is at fault in your silly little mind but Sony, who we trusted to keep our private information secure and barely even managed to make a half assed attempt to do so. For me this isn’t about the attack, it’s about what happened before the attack.

    Sony cared so much about its customers that it basically handed the info to a bunch of subpar hackers that they’re now trying to blame it on Anon just so they can try and redirect the public’s anger at this situation. You need to grow up Evil, this isn’t one of your stupid little PS3 vs Xbox issues, this is serious life changing crap here having to do with extremely serious breaches of personal information.

    so stop standing with your back to the truth, waving your little Sony love sword at everyone who dares challenge your god and see what Sony has really done here.

    #33 3 years ago
  34. Phoenixblight

    ” this is serious life changing crap here having to do with extremely serious breaches of personal information.”

    Life changing?

    Mr. X: “Hello? Yes I would like to change my CC because there was a breach in the PSN and the hackers may have access to this card”
    CSR: “Alright looks like we are all set you will have a new card within a week. Anything Else you would like help with Mr. X”
    Mr. X: “Nope that would be it Bye”
    *click*

    Omg we better hatch down the doors and board up the windows. The hackers are coming!!

    #34 3 years ago
  35. DarkElfa

    You’re an asshole Phoenix, there’s more than just credit card data there. With the info they got, they can access and imitate all matter of identity. Sony just handed god knows who a blight of personal info and you want to make jokes about it?! What the fuck is wrong with you? This isn’t a damn joke.

    #35 3 years ago
  36. Phoenixblight

    @35

    Like what? they don’t have your social, no drivers license, worse they can do is access your CC (which Sony has said they don’t keep the security code on the server so even that is limited.) assuming you didn’t call the CC company and tell them your shit is compromised. Or they can stalk you.

    That’s all the info they have. You can’t do squat with that info. Really people put all the same info on Social Networks EVERYDAY and those are much easier to hack than the PSN and happens every day.

    #36 3 years ago
  37. Kerplunk

    “this is serious life changing crap here”

    If you being concerned with the security of the information that YOU provide to others over the internet is “life changing” to you then I’d say your attitude to your role in securing your own data must be pretty lax.

    Remember: this company isn’t holding information on you that YOU didn’t hand over to them yourself.

    The rage and finger-pointing I’ve witnessed by people that can’t be bothered to check their own bank details or update their own passwords is staggering. As usual there’s a huge bunch of people out there claiming to be victims who refuse to lift a finger to protect themselves.

    – Are Sony to be held accountable for this incident? Absolutely.

    – Should they be held solely accountable? Absolutely not.

    There’s a really important distinction between those two statements and a world of difference between them.

    Anyone who acts like Sony are the only factor in this is making a very clear statement to hackers that it’s OK to steal data and that those individuals probably won’t have made any efforts to secure their own data for themselves.

    And just watch, when the next data breach occurs – as it undoubtedly will – all the same victims will make the same arguments all over again.

    People need to start using more logic and more responsibility. A side ordering of common-sense wouldn’t go amiss either.

    #37 3 years ago
  38. Dr.Ghettoblaster

    I agree with 15.

    #38 3 years ago
  39. DarkElfa

    Oh, well hell Phoenix, then what’s all the hubbub? Jeez, we aren’t in any danger at all are we? I think I’ll just post all that info in my next forum sig.

    #39 3 years ago
  40. FedUp

    THANK YOU SONY for being IRRESPONSIBLE with our data, taking too long to inform us of the breach that YOU let happen, then giving us FALSE feedback on the return of the playstation network, and then finally (so far) neglecting to give us any date in particular as to when the network will actually be up and running. YOU JUST LOST ANOTHER CUSTOMER!

    To those who intend to, foolishly in my opinion, stick with sony and wait for them to feed you more things that they messed up, I hope you’re prepared for the network to start up briefly and then get shut back down again because I doubt they will do it right the first time.

    PS: XBOX!!!

    #40 3 years ago
  41. DarkElfa

    No Kerplunk, nobody is saying that Sony is solely responsible, but the fact is that we entrust them to keep what info we give them safe from intruders. If reports are accurate, they pissed on that by not even having proper encryption. Sure, hackers are responsible too, but the guys at work here weren’t exactly Neo.

    Think of it this way, where you are a bank customer, your info, money, the hackers, robbers and Sony the bank. Instead of putting your money in the vault, they practically left it on the counter. Now who do you blame more, the bumbling thief that broke into an incompetent bank or the incompetent bank that left your money laying around.

    The fact is I’m lucky that the only info Sony has from me is what little I supplied for the open beta of DCU.

    #41 3 years ago
  42. Dr.Ghettoblaster

    ^ Right, and the “money’s been laying on the counter”, the “doors have been unlocked” for the last 5 years since PSN’s launch in 2006, but nobody’s taken it till now…

    #42 3 years ago
  43. Blerk

    I’m still waiting for my notification email by the way, Sony. :-|

    #43 3 years ago
  44. Kerplunk

    @43 Mine took 2 days to reach me. You’ve commented that you have multiple accounts but that you don’t actually use them. It’s possible then that Sony would prioritise active accounts over inactive accounts when issuing communications. I’ve no idea how long it takes to route 70 million emails though.

    @41 I think it’s quite a large amount of creative licence to suggest anything was “left lying around”.

    “If reports are accurate” – Well, that’s quite a big IF given the sort of things we’ve read about CC card data being stored in plain text, passwords being stored in plain text, hackers ‘offering’ to sell data back to Sony and so forth. These reports are given top billing and lots of attention but the corrections that follow have been given far lower visibility.

    Now you’ve got people ranting that PSN isn’t back in the time frame ‘promised’ but overlooking the condition to that time frame where it was stressed that this would only occur once Sony were satisfied with whatever new security measures they’d planned to implement.

    So, sure, going by all the big headlines it’s all very black and white. But it seems a lot of corrections and details get overlooked in the rush to write outraged comments on the internet. Personally, I find things are rarely as black and white as is often made out.

    #44 3 years ago
  45. Blerk

    I have one active account and one inactive one. I’ve no idea what email address the inactive one is registered to, but my active account is on my main email address. They send me marketing stuff every week so I know they know I’m here and that their stuff gets through the spam filter, but…. not a sausage. No comms at all from them since the week before the switch-off.

    #45 3 years ago
  46. TheWulf

    “Anonymous-Bin Laden”

    http://www.youtube.com/watch?v=FopyRHHlt3M

    #46 3 years ago
  47. TheWulf

    @42

    Or so you THINK. :P

    #47 3 years ago
  48. ruckus

    I wonder how Charlie, Jeremy and Cousin Pete are getting on?_?

    #48 3 years ago
  49. theevilaires

    Blerk said: “I’m still waiting for my notification email by the way, Sony”.

    I love when SONY comes out and say they have X amount of PSN accounts and you’re one of the XBOTS who come in the comments and go ….but wait they sold X amount of consoles how can they have X amount of PSN accounts.

    Well people there’s the truth. Blerk who doesn’t own a PS3 and vowed he never would buy one goes to one of his relatives and plays all the nice PS3 exclusives on their PS3 to avoid supporting SONY directly. He makes false accounts with no intention of ever buying a PS3. LMAO you want an email when we all know you would never enter your credit card information on a SONY network because you despise them and the PS3.

    Stop pretending to be a victim everyone knows you’re lying on the bandwagon to stir shit XBOT. Sad people who have no intention of ever buying a PS3 go out their way and waste precious time to try and slander SONY all day. FUCKING PATHETIC!

    #49 3 years ago
  50. Blerk

    I have a PSP, you knob. :-D

    #50 3 years ago
  51. daytripper

    i should have copyrighted the term “xbot”, i’d be a rich man

    #51 3 years ago
  52. ManuOtaku

    #51 i should copyrighted the term “anonymous” and “outage”, i will be a richer man than you 8D

    #52 3 years ago

Comments are now closed on this article.