Sony Chairman and CEO Howard Stringer apologized today for the PlayStation Network breach, as meanwhile the company released specific details regarding the identity-theft monitoring promised to its customers whose personal information was exposed in the cyberattack.
Sony has made a deal with identity-protection firm Debix to offer a service called AllClear ID Plus for free to U.S. customers registered with PlayStation Network or Qriocity prior to the attack two weeks ago, Sony spokesman Patrick Seybold wrote in a blog post today.
Stringer today publicly apologized to customers for the first time in a separate letter posted to the PlayStation blog.
"As a company we--and I--apologize for the inconvenience and concern caused by this attack. Under the leadership of Kazuo Hirai, we have teams working around the clock and around the world to restore your access to those services as quickly, and as safely, as possible," Stringer wrote.
Before today, Hirai had been the highest-ranking Sony executive to address the security breach, leaving many, including us, to wonder why the CEO had remained silent.
Stringer addressed the question that many customers and members of Congress have asked: why did Sony take so long to inform customers their information may have been stolen?
"It's a fair question," he wrote. "As soon as we discovered the potential scope of the intrusion, we shut down the PlayStation Network and Qriocity services and hired some of the best technical experts in the field to determine what happened. I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had--or had not--been taken."
Stringer emphasized that the identity-theft monitoring program the company is offering customers has a "$1 million identity-theft insurance policy" included. Customers will be able to enroll in the program through an activation e-mail they'll receive "over the next few days." Registration will be open till June 18.
Sony says this offer applies only to U.S. customers, but it is working on similar offers for PSN and Qriocity account holders in other countries. Sony did not mention whether a similar offer would be made to Sony Online customers whose information was also exposed.
On Friday morning Sen. Richard Blumenthal (D-Conn.) said in a statement that Sony's offer of free identity monitoring was a "strong first step."
"While I continue to believe that Sony should have warned users earlier, I am pleased they are providing protective measures including an insurance policy to cover identity theft harms to consumers within a 12-month window - but I would hope Sony would extend coverage over a longer time on a case-by-case basis if necessary," he wrote.
This comes two days after Blumenthal slammed Sony for its "egregiously inadequate response" to the attacks.
The company says it still doesn't know who orchestrated what it's calling a "highly sophisticated, planned" attack that exposed the records of more than 100 million of its customers two weeks ago. The company is still working to retool its servers and bring PlayStation Network and Qriocity back online. Sony said today that it is in the "final stages of internal testing" before restoring service.
Sony said over the weekend that it planned other ways of compensating customers, though no further information was included in today's update.
On the weekend, Sony said that in addition to ID-theft monitoring, it would offer some free downloads and 30 days of free PlayStation Plus premium service to Sony customers affected by the breach. Qriocity Music Unlimited subscribers will also get free service for 30 days.
Updated at 12:40 p.m. PDT 5/6 with Blumenthal response, and at 5:55 p.m. PDT 5/5 with information from Stringer's letter.