Senator Richard Blumenthal Demands Answers from Sony over Playstation Data Breach (Update from Sony’s Jim Reilly)


Connecticut Senator Richard Blumenthal wrote a letter to Jack Tretton, the President and CEO of Sony Computer Entertainment America (SCEA), “demanding answers” about why SCEA failed to inform customers of the data breach the PlayStation Network suffered on April 20, 2011.

“When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised… I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party,” Blumenthal wrote in the letter. “Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised.”

“Blumenthal called for Sony to provide PlayStation Network users with financial data security services, including free access to credit reporting services for two years, the costs of which should be borne by the company. Additionally, he argued that affected individuals should be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.”

What do you think? Should Sony have notified us sooner? Maybe SCEA didn’t realize what was going on until today. Also, I still haven’t received the promised letter from SCEA. Have you?

UPDATE: Sony’s Jim Reilly has stated over twitter that they were not aware of the data collected until yesterday 4/25/11.

“There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised.”

“It was necessary to conduct several days of forensic analysis and it took our experts until yesterday to understand the scope of the breach”

Blumenthal’s letter is after the jump.

April 26, 2011

Mr. Jack Tretton
President and CEO
Sony Computer Entertainment America
919 East Hillsdale Boulevard
Foster City, CA USA 94404

Dear Mr. Tretton:

I am writing regarding a recent data breach of Sony’s PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.

It has been reported that on April 20, 2011, Sony’s PlayStation Network suffered an “external intrusion” and was subsequently disabled. News reports estimate that 50 million to 75 million consumers – many of them children – access the PlayStation Network for video and entertainment. I understand that the PlayStation Network allows users to store credit card information online to facilitate the purchasing of content such as games and movies through the PlayStation Network. A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.

When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.

I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.

PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained. I appreciate your prompt response on this important issue.

Sincerely,

/s/

Richard Blumenthal
United States Senate

Source:Senator Richard Blumenthal


Written by: Oly - Senior PR Manager


  1. #1 by Eddie on April 26th, 2011 [ 44542 Points ]

    depends if that data was available before today. But yes, sooner is better.

  2. #2 by Pedro on April 26th, 2011 [ 39949 Points ]

    I’m starting to feel bad for Sony.

    I’m feeling like the s**t just hit the fan big time.

  3. #3 by scott on April 26th, 2011

    I believe sony didn’t notify anyone of the breach because the intrusion was not to gain access to personal info. The intrusion was carried out to gain software that was issued originally with your purchase of the ps3. This software was removed from the 3.21 update. the subject who hacked into the ps network is not interested in gaining access to personal information.

  4. #4 by xDeFcoN_2FasT4Ux on April 26th, 2011 [ 2160 Points ]

    Honestly, all this leads back to Geo Hotz or whatever, and all these pissy little hackers! Its really annoying. But yea On the blog they said they found out that peoples info was seen and what not just yesterday or something like that.

  5. #5 by Oly on April 27th, 2011 [ 132140 Points ]

    scott:

    I believe sony didn’t notify anyone of the breach because the intrusion was not to gain access to personal info. The intrusion was carried out to gain software that was issued originally with your purchase of the ps3. This software was removed from the 3.21 update. the subject who hacked into the ps network is not interested in gaining access to personal information.  

    ^

    huh? Where u get that idea? lol

  6. #6 by wmb on April 27th, 2011

    So a Senator is acting like a politiican and ranting. If they shot of their mouths less and thought more the country might be in better shape.

    According to the article, Sony did not know until the 25th about the private information being comprised. They seem to be doing a good job of notifying once they know.

    Sony are doing a good job keeping the network down until the intrustion has been fully investigated and the system is more secure, along with notifying people of a the data breach and steps they can take to protect themselves.

  7. #7 by Gianni on April 27th, 2011

    We should get something free like call of duty map packs not first strike the new one coming out and psn should get it first come on why do xbox 360 get it a month earleir come on

  8. #8 by Gianni on April 27th, 2011

    IF YOU Are there anoumous you are SO STUPID WHATTT DID WE DO TO YOU

  9. #9 by Emrah on April 27th, 2011 [ 7319 Points ]

    Did you read the EULA? Sony has the right to share your personal information with 3rd parties.
    ..
    ..
    ..
    ..
    /s

  10. #10 by Oly on April 27th, 2011 [ 132140 Points ]

    Emrah: Did you read the EULA? Sony has the right to share your personal information with 3rd parties.
    ..
    ..
    ..
    ..
    /s  

    LOL nice….

  11. #12 by premiersoupir on April 29th, 2011 [ 17020 Points ]

    Sony didn’t know about the information theft until several days later? Ha! People were posting publicly accessible logs from PSN showing the IP addresses of the attacker, the code inserted into the Sony servers, and the sort of data that was being culled the day after the attack. All this occurred on another PS3 news blog, which rightfully doesn’t get much love here thanks to its rabidly pro-h4xx0r bent. But still, the fifteen year-old would-be h4xx0rs knew what was going on before Sony? Right, that’s likely……..

  12. #13 by dave on May 3rd, 2011

    #8,

    Hackers dont care about that, their is no what did we do to you, they did this to get info. after I read this now I thank they were in it to get info. from people not to mess with Sony like I thought, I mean they did but that wasnt their goal they did this to distract you are us from something bigger that may happen or could happen, I mean thats want I thank anyway, they know that Congress, Home Security and god who knows who else will get in this mess with Sony, after all said and done when everybodies nose in this and ONLY looking into this cause this is BIG, something else will happen, not to Sony but something else at somewere else and or at some other websites or maybe BIGGER like government hacks, cause right now we are playing right into it we have are nose in Sony butts right now.


You must be logged in to post a comment.

Like trophies? Like giveaways? Want to speak your mind? Register here!