Sony continues to have trouble recovering from the Playstation Network hack attacks of last month. After promising that some services would be restored within a week or so, Sony has now backed off to not promising really any services being available before the end of May, Bloomberg News reported over the weekend.
In the latest blog posting (6 May 2011) on the subject, Sony said that:
"... We’re still working to confirm the security of the network infrastructure, as well as working with a variety of outside entities to confirm with them of the security of the system. Verifying the system security is vital for the process of restoration. Additional comprehensive system checks and testing are still required, and we must complete that process before bringing the systems online."
"As you've heard us say, our utmost priorities are the security of the network and ensuring your data is safe. We won't restore the services until we can test the system’s strength in these respects."
Also over the weekend, the Financial Times of London reported (via Reuters) that Sony "... had removed from the Internet the names and partial addresses of 2,500 sweepstakes contestants that had been stolen by hackers and posted on a web site." The names were from a 2001 product contest that Sony had run.
"To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely. We are also moving ahead with plans to help protect our customers from identity theft around the world. A program for U.S. PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user [through Debix] was launched earlier today and announcements for other regions will be coming soon."
"As we have announced, we will be offering a 'Welcome Back' package to our customers once our PlayStation Network and Qriocity services are up and running. This will include, among other benefits, a month of free PlayStation Plus membership for all PSN customers, as well as an extension of subscriptions for PlayStation Plus and Music Unlimited customers to make up for time lost."
CEO Stringer also sort of apologized for Sony taking so long to notify customers of the breach, for which it has been roundly criticized. He said the reason for the delay was that "forensic analysis is a complex, time-consuming process" and it took Sony time to figure out what information had or hadn't been compromised. This, of course, begs the question as to why, once the company did find out it had been breached in a major way, Sony didn't immediately inform law enforcement right away.
The estimated cost to Sony of the whole affair so far may be as much as a $1 billion, a story in the Wall Street Journal reports. It is also being sued by Canadian law firm McPhadden Samac Tuovi LLP in a class action lawsuit for $1 billion (Canadian) as well. More lawsuits are likely to appear soon like weeds after a warm, May rain.
Already Sony's share price has dropped 6% since announcing the breach. If the problems are not turned around fairly quickly, the speculation is that CEO Stringer may be soon losing his job as well.
Finally, if this is not enough, there are rumors that a third hack attack is (was) being planned against Sony to punish the company for its poor response to the previous two hacking attacks.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.