Sony has finally spilled the beans after a week-long (and counting) outage of its PlayStation Network — they were hacked, and the personal data of millions of users may have been stolen, including names, addresses, birthdays, and passwords. It’s unsure at this point whether or not credit card details were also stolen, but Sony didn’t rule it out.
As a response to the illegal intrusion, Sony has intentionally disabled its PSN and Qriocity services since last Wednesday. The company also hired a security firm to investigate the extent of the damage.
Users were only informed about the high-profile data thefts six days after the incident — by email, which can be found on PlayStation.Blog. But why six days? Why not immediately, considering the extend of data that might be stolen?
I’m guessing Sony didn’t want their tablet announcement to be overshadowed. After all, the S1 and S2 tablets come with Qriocity services.
No one will want to announce a product in such manner: “This is our new product. It comes with a service that were hacked a week ago, and user data were stolen. The service is now disabled, but rest assure it will work again when the tablets are available. Please trust us (again) with your credit card information.”
Senator Richard Blumenthal (D-Conn.) isn’t happy with the delay in notifying users. In a letter to Jack Tretton, president and CEO of Sony Computer Entertainment of America, he wrote.
I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.
When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft. [...]
Anonymous has denied responsibility in this round of attack, blaming Sony instead for being incompetent. That being said, no one can be sure whether other members of the AnonOps have acted by themselves.
Was the attack caused by the undesired limelight Sony placed itself into by suing Geohot? If yes, Sony paid a really high price this time for something unproductive.
I wonder how many of the million users will sue Sony this time around. Karma sucks.