Sony Now Claiming They Delayed Announcing User Data Breach Due To “Forensic Analysis”
It’s been a bad, bad week for Sony Computer Entertainment. Remember how they waited 6 days before finally admitting that millions of PSN members’ data had been compromised? Oops. Sony’s foot-dragging approach to disclosing threats to their customers only made their PR nightmare worse. Everyone and their dog, including Senator Richard Blumenthal wanted to know why the hell Sony waited so long to warn customers their data had been compromised.
Sony’s first attempt to mollify their increasingly numerous critics – a PSN hack FAQ – bombed. The question of what took so long grew louder, so today they’ve tried again. Over on PlayStation Europe’s site, SCEE Head of Communication Nick Caplin blogged Sony’s official response, and it’s hilarious:
There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion 19th April and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly yesterday evening.
So let’s recap: After spending two days alternately claiming PSN was down due to unknown factors and that they took it down for maintenance before admitting they were hacked, they’re claiming the delay was because of CSI reasons. Really? Really, Sony?
Even if they weren’t aware of the full scope of the threat, Sony had a responsibility to inform their customers the second they detected the breach. That they didn’t indicates not that they were investigating and we needn’t worry our pretty little heads about it, but that they were sitting on the information in hopes that nothing bad happened. If I were a betting man, I’d wager that had the data not been compromised, they’d still be claiming PSN was down for maintenance.
They say it isn’t the crime, it’s the cover-up and nowhere is that more true than here. I’ve said repeatedly that it’s impossible they weren’t aware of the problem sooner, and this latest post confirms that. Unfortunately, it also confirms Sony thinks we’re a bunch of rubes they can gee-whiz into shutting up with serious sounding sciencey words like Forensic analysis.
Sorry Sony, but your placated customers are in another castle.