When a company's security system fails like Sony's PlayStation Network did, resulting in the second-largest data breach in U.S. history, there will be a lot of opinions shared of exactly how to make it up to customers.
A U.S. senator and at least one class-action lawsuit have called for Sony to provide free credit monitoring, and in the latter's case, monetary damages. But legal obligations aside, how does Sony make up for lost time for customers using their service, lost personal information, and lost trust?
This is what Sony has come up with so far: free identity theft monitoring service for a year, one to two months worth of free premium PlayStation or Qriocity service depending on your existing subscription status, some free downloaded content, and in-game bonuses for several popular titles. That free content, which was hinted at by Sony several weeks ago, was announced yesterday: PlayStation 3 owners can choose from among five video games and pick two to download for free. PlayStation Portable owners can choose two free games from among four. And at a later date, PSN users will get one weekend of "select" free movie rentals.
But considering the deficit with customers Sony has to make up, that's not enough.
Here's what we know was lost: for just shy of four weeks, 77 million PlayStation 3 and PlayStation Portable owners were unable to access gaming and video hub PlayStation Network and Qriocity, a music and entertainment service. Sure, it's a free service, but one that enhances games that people have already paid for. So that's three weekends without playing games online with friends and downloading and watching movies, which are for some people primary leisure activities.
And then there is the time, effort, and inconvenience of getting a new credit card number. There were around 10 million credit cards on file with Sony, and Sony has said repeatedly it does not believe credit card numbers were stolen, but advised its customers to exercise caution. Many people will take the better-safe-than-sorry route and get a new one.
We don't know who might have all this personal information taken from Sony, but it's not outside the realm of possibility that whoever does have it will either use it for illegal purposes or sell it to someone who will. That could result in phishing attacks or outright fraud.
And what about trust? Sony's brand has taken a thrashing, not only for the breach itself, but the slowness to which they informed their customers that their information was stolen. How will Sony rebuild that?
Free credit monitoring is a good and necessary gesture. But it does not seem exactly a great burden on Sony to offer games that are between two years and six months old. And why not free movies to own instead of just rentals? Or why not a hotly anticipated title? Many brand new games are not available immediately in digital download form, and Sony can't make partner game makers help them out. But Sony has plenty of its own game studios.
In a CNET poll on Friday we asked readers what they considered fair compensation from Sony. Out of more than 5,000 responses, 57 percent said "a free AAA game and free PlayStation Plus." A commenter named 1812dave thought even that wasn't enough, writing, "Sony should provide FULL REFUNDS to anyone who is the original owner of a PS3, along with FULL REFUNDS for the games primarily used for on-line play (which is most of them!)."
PSN working after hiccups, says Sony
Hiccups dog PlayStation Network restoration
Sony begins relaunching PlayStation Network
While that may be unrealistic, it at least shows the range of customer expectations Sony is dealing with.
A reader named DaFees was particularly unmoved by Sony's offer for free PlayStation Plus service, which is a premium version of PSN, but with extra benefits. "To offer everyone a free month of PSN+ is a slap in the face and allow me to explain why. PSN+ offers gamers opportunities to own free games and enjoy additional services like cloud storage and such," DaFees wrote. "The big catch here is that once that month is up all said benefits are lost. You can no longer play those free games and can no longer access your cloud saves. Basically for that first month if someone asks you, 'Hey, how did Sony compensate you over that whole PSN fiasco?' you can answer them by showing them what you can do with your PSN+ membership, but once that month is up, what do you have to show to people? NOTHING, that's right."
When large companies experience a public relations disaster on the level that Sony has, it's not required but it certainly makes sense to go above and beyond their legal obligation to their customers to prove how important they are to the company.
When the iPhone 4 received bad press about its antenna reception, Apple initially tried to downplay it. When it ballooned into a story that dominated the device's first week of sales, the company ended up calling a press conference and making a gesture that surpassed their obligation: they offered everyone who bought an iPhone 4 a free phone case that normally would cost about $15 to $35 at retail. Sure, Steve Jobs wasa little grumpy about it, but it certainly shut everybody up. And people continued to buy iPhones.
The relief and excitement on Saturday when Sony announced PSN would restart was very apparent in reader comments here and on other sites. It's understandable--PSN users are very passionate about the product. Most people probably didn't spend much time questioning what they'd get in return form Sony, they just wanted to be able to play games on PSN again.
But there's something else that hasn't gotten a lot of attention in the U.S., which is understandable since it doesn't really affect PlayStation customers here. But it should probably give us pause that Sony's home country of Japan won't even allow the company to restart access to PlayStation Network because it hasn't satisfied some unspecified "measures." We can very easily imaging those measures have to do with privacy and security, and if PSN would withstand another attack on its network like the one we just witnessed.
So even though PSN is working again, it's not entirely clear that the security situation is completely fixed. Which makes free access to the network and free content an even more questionable tradeoff.
This story was corrected at 9:32 a.m. PT to note that PS3 and PSP customers can choose two free games each, not one each as previously stated.