Richard Blumenthal, Democratic US senator for Connecticut, has written to SCEA president Jack Tretton, taking the firm to task for its failure to notify in good time the users whose personal information was taken by the hacker who breached PSN’s security.
Blumenthal wrote to Tretton after the news broke yesterday, and has posted a copy on his official website, in which he writes: “A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.
“When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised.
“I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach.“
Blumenthal reminds Sony of its responsibilities to affected US customers, pointing out that it should offer financial data security services for two years, and provide users with “sufficient insurance to protect them from the possible financial consequences of identity theft.” The firm has already posted the details of several credit checking firms on its blog but is yet to outline what further support it will provide.
PlayStation Network was taken down on the evening of Wednesday April 20, and remains unavailable, with Sony saying it is “rebuilding” its security infrastructure to safeguard against further attacks. The firm waited until last night – over a week after it first noticed a security breach on April 17 – to notify users that their personal data was at risk. Sony insists it only realised the extent of the damage yesterday.
Source: Richard Blumenthal