Governmental pressure is building on Sony for more information about its apparent security problem.
U.S. Sen. Richard Blumenthal (D-Conn.) sent a letter to Sony today criticizing the company's handling of a massive security breach that affected its PlayStation Network accounts two weeks ago, according to a New York Times report. The letter comes on the heels of yesterday's revelation that more data may have been stolen as part of the computer attack.
"I am deeply concerned about the egregious inadequacy of Sony's efforts thus far to notify its customers of these breaches or to provide adequate protections for users whose personal and financial information may have been compromised," Blumenthal said in the letter, his second to the company on the topic. "Sony's failure to adequately warn its customers about serious security risks is simply unconscionable and unacceptable."
One of the chief complaints from customers is how long Sony took to inform them of the breach. In addition to being sued by at least one person, Sony has attracted the interest of the U.S. House of Representatives, the government of the city of Taipei, Taiwan, and the British and Canadian privacy authorities. All want answers from Sony about why it took so long to tell customers of the breach and how customers would be compensated.
Sony warned 77 million customers on April 26 that their personal information, including names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, and usernames, as well as online user handles, had been obtained illegally by an "unauthorized person" between April 17 and 19. The company has said repeatedly that there is no evidence that credit card information was stolen.
In yesterday's announcement, the company said that during its investigation into the PSN breach, it discovered that attackers may have also obtained similar data for some 24 million Sony Online Entertainment customers. In addition, credit and debit card numbers and expiration dates (but not credit card security codes) for about 12,700 non-U.S. customers that were in an "outdated" database from 2007.
Two weeks after the hack and a mysterious weeklong outage of the service, Sony finally addressed the issue in a hastily organized press conference in Tokyo over the weekend. As part of an apology, Sony said it will provide free identity theft protection service and "will consider" helping customers who have to be issued new credit cards.