Sony Exec To Testify Before Congress On PlayStation Breach

During the PlayStation Network outage, Sony was asked to appear before a U.S. House of Representatives committee to explain the situation. The company declined, sending an eight-page letter instead. Now it will go before Congress, when the president of Sony Network Entertainment visits a Tuesday hearing to answer questions.

Tim Schaaf will testify before a House Energy and Commerce subcommittee, reports The Atlantic. Rep. Mary Bono Mack is the committee chair.

"While Chairman Bono Mack remains critical of Sony's initial handling of the data breaches, she also is appreciative that the company has now agreed to testify," a subcommittee aide told The Atlantic.

Bono Mack thinks Sony's experience with the 23-day network outage, and a data breach that compromised some 10 million credit card numbers, will be instructive as the committee prepares to "develop comprehensive data protection legislation," the aide said. The legislation should be introduced in the next few weeks.

In Sony's eight-page letter to Congress on May 4, Sony Computer Entertainment president Kazuo Hirai said Sony knew how the attack was perpetrated but not who was behind it. Hirai detailed additional security measures the company had taken and noted it was cooperating with the FBI and other law enforcement agencies to find those responsible.

Sony Exec to Testify About PlayStation Network Hack [The Atlantic]


    "The legislation should be introduced in the next few weeks."

    I am curious what exactly this means. Would legislation be something like a legal responsibility for companies that handle personal information to have their security systems up to a certain level? This would be welcome, though I would be surprised if this wasn't already the case.

    Or is this more related to punishments for the hackers and potentially Sony for their handling of this issue?

    @706 - Not really, bill will do things like make companies inform people of data breaches if necessary within a reasonable time period (60 days + extra time if requested by government agencies), data must be protected (at PCI-DSS levels), companies must delete obsolete user data after a time period to be decided by the company and industry, and a few other things focusing on mobile phones and geo-locational data.

    Keep in mind though the sub-committee is there to answer questions for members of Congress, after this it'll have to enter the house of reps, if it passes it goes through Congress, if it passes again the president has to choose to sign it into law and then it'll become law at a certain point (usually 1st July / 1st Jan for most legislation).

    The breach was caused by the network itself, all those PS3/Cell "super computers" have fused to form a self-aware entity that is smart enough to know that its parent company is a dung heap that needs turning.
