Sony Continues to Stumble About in Wake of PlayStation Network Hack Attack

Sony continues to have trouble recovering from the Playstation Network hack attacks of last month. After promising that some services would be restored within a week or so, Sony has now backed off to not promising really any services being available before the end of May, Bloomberg News reported over the weekend.

In the latest blog posting (6 May 2011) on the subject, Sony said that:

"... We’re still working to confirm the security of the network infrastructure, as well as working with a variety of outside entities to confirm with them of the security of the system. Verifying the system security is vital for the process of restoration. Additional comprehensive system checks and testing are still required, and we must complete that process before bringing the systems online."

"As you've heard us say, our utmost priorities are the security of the network and ensuring your data is safe. We won't restore the services until we can test the system’s strength in these respects."

Also over the weekend, the Financial Times of London reported (via Reuters) that Sony "... had removed from the Internet the names and partial addresses of 2,500 sweepstakes contestants that had been stolen by hackers and posted on a web site." The names were from a 2001 product contest that Sony had run.

Going back to last week, Sony Chief Executive Officer Howard Stringer finally apologized on Thursday for breach after a long silence. He said in his apology that:

"To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely. We are also moving ahead with plans to help protect our customers from identity theft around the world. A program for U.S. PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user [through Debix] was launched earlier today and announcements for other regions will be coming soon."

"As we have announced, we will be offering a 'Welcome Back' package to our customers once our PlayStation Network and Qriocity services are up and running. This will include, among other benefits, a month of free PlayStation Plus membership for all PSN customers, as well as an extension of subscriptions for PlayStation Plus and Music Unlimited customers to make up for time lost."

CEO Stringer also sort of apologized for Sony taking so long to notify customers of the breach, for which it has been roundly criticized. He said the reason for the delay was that "forensic analysis is a complex, time-consuming process" and it took Sony time to figure out what information had or hadn't been compromised. This, of course, begs the question as to why, once the company did find out it had been breached in a major way, Sony didn't immediately inform law enforcement right away.

The estimated cost to Sony of the whole affair so far may be as much as a $1 billion, a story in the Wall Street Journal reports. It is also being sued by Canadian law firm McPhadden Samac Tuovi LLP in a class action lawsuit for $1 billion (Canadian) as well. More lawsuits are likely to appear soon like weeds after a warm, May rain.

Already Sony's share price has dropped 6% since announcing the breach. If the problems are not turned around fairly quickly, the speculation is that CEO Stringer may be soon losing his job as well.

Finally, if this is not enough, there are rumors that a third hack attack is (was) being planned against Sony to punish the company for its poor response to the previous two hacking attacks.

Go figure.

Related Stories

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones
 

Newsletter Sign Up

Sign up for the ComputerWise newsletter and get biweekly news and analysis on software, systems, and IT delivered directly to your inbox.

Advertisement
Advertisement