Senator Richard Blumenthal Demands Sony Answer For PSN Hack
Connecticut Senator Richard Blumenthal spoke out after a statement issued by Sony Computer Entertainment confirmed that the recent hack of PlayStation Network had compromised the personal data of millions of their customers.
The Senator’s blast is the latest in a week of PR headaches for Sony, following the crash of their online network. PSN first went down on Wednesday, April 20; for two days, they claimed they were upgrading the service. Sony finally admitted on April 22 that the outage was due to hacking, after which they offered only tepid, noncommittal comments to increasing concerns about the security of their customer’s data. That changed earlier today with their admission that those responsible for bringing PlayStation Network down had gained access to a staggering amount of user data, possibly including credit card and billing information.
As we noted previously, it is inconceivable that Sony has only now discovered how serious this breach was; that they waited so long to disclose such a threat from their customers raises very serious questions about their risk management procedures and data protection, (not to mention how they regard their customers). Senator Blumenthal agrees, and in his strongly worded statement, the Connecticut Democrat demanded to know why Sony waited so long to make this news public. His letter to SCEA CEO Jack Tretton reads, in part:
When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.
I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.
Sentator Blumenthal serves on the Subcommittee on Antitrust, Competition Policy and Consumer Rights. The full text of his letter can be read on his official site.