US Senator Demands Answers From Sony Over PlayStation Network Data Breach

United States senator Richard Blumenthal is hopping mad - or in his words, "troubled" - by the lack of clear and timely communication from Sony over last week's PlayStation Network "intrusion." And he's got the sternly worded letter to prove it.

The attack on Sony's PlayStation Network and Qriocity service has gotten the attention of Senator Blumenthal of Connecticut who wrote to Sony Computer Entertainment America president Jack Tretton today. In that letter, Blumenthal writes that he is "troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections."

Blumenthal says the attack "raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information." Drafting his letter before Sony owned up to a major data breach, the senator notes his concern that "users' personal and financial information may have been inappropriately accessed by a third party."

"PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained," he concludes in his letter which can be read in full below.

We've contacted SCEA reps for response to the senator's letter.

April 26, 2011 Mr Jack Tretton President and CEO Sony Computer Entertainment America 919 East Hillsdale Boulevard Foster City, CA USA 94404

Dear Mr Tretton:

I am writing regarding a recent data breach of Sony's PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.

It has been reported that on April 20, 2011, Sony's PlayStation Network suffered an "external intrusion" and was subsequently disabled. News reports estimate that 50 million to 75 million consumers – many of them children – access the PlayStation Network for video and entertainment. I understand that the PlayStation Network allows users to store credit card information online to facilitate the purchasing of content such as games and movies through the PlayStation Network. A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.

When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.

I am concerned that PlayStation Network users' personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.

PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained. I appreciate your prompt response on this important issue.

Sincerely,

/s/

Richard Blumenthal

United States Senate


Comments

    Isn't Blumenthal that world class chef?

    Great picture by the way.

    Right on.

    The breach is bad enough, but it's been the lack of communication that has REALLY annoyed me even more than the breach itself.

      +1000 for this

      I know they have had daily updates on their PS blogs but not everyone reads the PS blog. Where is the email to users to let them know?

      They seem to be able to email me each month about new games and how I should spend my $$ but an email saying "hey there was a security breach and your personal info may have been stolen" is too much to ask for?

      WTF is the go with that!?

    This doesn't look good for Sony...

    It really just emphasises my view of Sony as being a money grubbing company who doesn't care about its customers. I mean.. most multi-million/billion companies are all about the bottom line.. that's business.. but many of those companies realise that without their customers, there is no business to be had.

    Sony has been resting too quickly on the back of the PS2 and Music/Movie label rather than really pushing to be the number one consumer electronics and media giant of the world. This is a prime example where they are too lax about dealing with things correctly.

    It's one thing for a small company like, for example, LUSH to not have "additional" measures in place.. but an entirely different matter for a multi-billion dollar company with tens of millions of "customers" to not already have "additional" measures in place and counter-measures etc. LUSH customers were told almost immediately about the compromise.. Sony has still not notified their customers, even though they have admitted to the breach over a week ago.

    Normally share values don't concern consumers and Sony's has certainly seen a big drop this week.. but add to this the damning publicity and they are really going to need to do a lot of work to get on top of it.

Join the discussion!