Senator slams Sony's response to security breach

Sen. Richard Blumenthal calls Sony's response its massive PlayStation Network security breach "unconscionable and unacceptable," according to a New York Times report.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

Governmental pressure is building on Sony for more information about its apparent security problem.

U.S. Sen. Richard Blumenthal (D-Conn.) sent a letter to Sony today criticizing the company's handling of a massive security breach that affected its PlayStation Network accounts two weeks ago, according to a New York Times report. The letter comes on the heels of yesterday's revelation that more data may have been stolen as part of the computer attack.

PlayStation Network breach

"I am deeply concerned about the egregious inadequacy of Sony's efforts thus far to notify its customers of these breaches or to provide adequate protections for users whose personal and financial information may have been compromised," Blumenthal said in the letter, his second to the company on the topic. "Sony's failure to adequately warn its customers about serious security risks is simply unconscionable and unacceptable."

One of the chief complaints from customers is how long Sony took to inform them of the breach. In addition to being sued by at least one person, Sony has attracted the interest of the U.S. House of Representatives, the government of the city of Taipei, Taiwan, and the British and Canadian privacy authorities. All want answers from Sony about why it took so long to tell customers of the breach and how customers would be compensated.

Sony warned 77 million customers on April 26 that their personal information, including names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, and usernames, as well as online user handles, had been obtained illegally by an "unauthorized person" between April 17 and 19. The company has said repeatedly that there is no evidence that credit card information was stolen.

In yesterday's announcement, the company said that during its investigation into the PSN breach, it discovered that attackers may have also obtained similar data for some 24 million Sony Online Entertainment customers. In addition, credit and debit card numbers and expiration dates (but not credit card security codes) for about 12,700 non-U.S. customers that were in an "outdated" database from 2007.

Two weeks after the hack and a mysterious weeklong outage of the service, Sony finally addressed the issue in a hastily organized press conference in Tokyo over the weekend. As part of an apology, Sony said it will provide free identity theft protection service and "will consider" helping customers who have to be issued new credit cards.