IS SONY SORRY?
By Abu Bakar Munir
Following the attack, Sony’s CEO apologized to millions of PlayStation Network and Qriocity users. In the letter posted on the PlayStation blog, Howard Stringer states, “I know this has been a frustrating time for all of you…..Let me assure you that the resources of this company have been focused on investigating the entire nature and impact of the cyber-attack we’ve all experienced and on fixing it. We are absolutely dedicated to restoring full and safe services as soon as possible and rewarding you for your patience. We will settle for nothing less…As a company we – and I - apologize for the inconvenience and concern caused by this attack.”
Criticisms of Sony was for several reasons, among others, (1) the delay between discovering the problem and notifying customers, (2) the lack of meaningful updates as to when service would be restored, and (3) the seeming confusion over exactly what information had or had not been stolen. On the first issue, Sony’s CEO responded by saying, “This was an unprecedented situation. Most of these breaches go unreported by companies. Forty – three percent notify victims within a month. We reported in a week. You’re telling me my week wasn’t fast enough?”
What are the reactions of the privacy advocate and security professionals? Senior technology consultant at Sophos said that the breach “certainly ranks as one of the biggest data losses ever to affect individuals”. The Australian Privacy Minister, Brendan O’Connor, said he was “very concerned” about the theft of personal information and expressed disappointment that Sony took “several days” to inform about the breach. He further stated that this meant a mandatory “data breach notification” system now “appears necessary”.
Similarly, the Canada Privacy Commissioner said, “I was very disappointed that Sony did not pro-actively notify my office of the breach”. The British Information Commissioner’s Office stated that Sony will be questioned, and that an investigation will take place to discover whether Sony had taken adequate precautions to protect customer details. US Senator Richard Blumenthal of Connecticut demanded answers from Sony about the data breach. Sony had been asked to testify before a congressional hearing on May 2, 2011, but sent a letter instead.