Image Image Image Image Image Image Image Image Image Image

PS3Blog.net | June 23, 2021

Scroll to top

Top

13 Comments

Senator Richard Blumenthal Demands Answers from Sony over Playstation Data Breach (Update from Sony’s Jim Reilly)

Connecticut Senator Richard Blumenthal wrote a letter to Jack Tretton, the President and CEO of Sony Computer Entertainment America (SCEA), “demanding answers” about why SCEA failed to inform customers of the data breach the PlayStation Network suffered on April 20, 2011.

“When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised… I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party,” Blumenthal wrote in the letter. “Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised.”

“Blumenthal called for Sony to provide PlayStation Network users with financial data security services, including free access to credit reporting services for two years, the costs of which should be borne by the company. Additionally, he argued that affected individuals should be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.”

What do you think? Should Sony have notified us sooner? Maybe SCEA didn’t realize what was going on until today. Also, I still haven’t received the promised letter from SCEA. Have you?

UPDATE: Sony’s Jim Reilly has stated over twitter that they were not aware of the data collected until yesterday 4/25/11.

“There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised.”

“It was necessary to conduct several days of forensic analysis and it took our experts until yesterday to understand the scope of the breach”

Blumenthal’s letter is after the jump.

April 26, 2011

Mr. Jack Tretton
President and CEO
Sony Computer Entertainment America
919 East Hillsdale Boulevard
Foster City, CA USA 94404

Dear Mr. Tretton:

I am writing regarding a recent data breach of Sony’s PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.

It has been reported that on April 20, 2011, Sony’s PlayStation Network suffered an “external intrusion” and was subsequently disabled. News reports estimate that 50 million to 75 million consumers – many of them children – access the PlayStation Network for video and entertainment. I understand that the PlayStation Network allows users to store credit card information online to facilitate the purchasing of content such as games and movies through the PlayStation Network. A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.

When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.

I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.

PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained. I appreciate your prompt response on this important issue.

Sincerely,

/s/

Richard Blumenthal
United States Senate

Source:Senator Richard Blumenthal

PS3Blog.net