Thursday, May 5, 2011

Congress blasts Sony for response to network breaches


Lawmakers ripped into Sony over its response to breaches of its PlayStation Network and Sony Online Entertainment service during a House committee hearing Wednesday about consumer data theft.

  • Sony headquarters in Tokyo.

    By Koji Sasahara, AP


Sony declined an invitation to testify about the April 19 data breach, as did e-mail-marketing firm Epsilon, which suffered a breach announced last month that could have affected 60 million e-mail addresses. Their absences were "unacceptable," said Rep. Mary Bono Mack, R-Calif., who chaired the House Committee on Energy and Commerce subcommittee hearing.

"I hate to pile on, but in essence Sony put the burden on consumers to 'search' for information, instead of accepting the burden of notifying them. If I have anything to do with it, that kind of half-hearted, half-baked response is not going to fly in the future," said Bono Mack, who plans to introduce legislation to protect consumers against data theft.

Sony Computer Entertainment Chairman Kazuo Hirai sent responses to committee questions: "What is becoming more and more evident," he wrote, "is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyberattack designed to steal personal and credit card information for illegal purposes."

Bono Mack blasted Sony for its slow response. The company "first revealed information about the data breach on their blog," she said. "That's right, a blog."

Hirai also wrote that Sony learned of the breach April 19 and shut down the PlayStation Network April 20. Sony didn't inform PlayStation Network users until six days later that personal, and possibly credit card, data were compromised.

Sony is still not certain whether credit card data were swiped during the PlayStation Network breach.

On Monday, Sony Online Entertainment revealed it had shut down all services due to an intrusion. The breach exposed the personal data of 24.6 million subscribers and some financial info.

Hirai said the network attacks were a protest against Sony's lawsuit filed in federal court against a hacker. "Intruders had planted a file on one of our Sony Online Entertainment servers, named 'Anonymous,' with the words, 'We are Legion,'" he said.

Hirai also detailed additional security measures Sony took after the breaches.

Bono Mack asked the expert witnesses why Sony did not have such measures in place in the first place. "It boggles the mind," said Justin Brookman of the Center for Democracy & Technology.

