Sony's efforts on PSN breach called "half-hearted, half-baked," at US Congressional hearing
Today, the US House Subcommittee on Commerce, Manufacturing and Trade held a hearing regarding the PSN breach, which was broadcasted live via C-SPAN., like most meet-ups between government officials. During the hearing, Representative and Chairman of the committee, Mary Bono-Mack, called Sony's response to the matter "half-hearted," and "half-baked."
"In Sony’s case, company officials first revealed information about the data breach on their blog," said Bono-Mack during the hearing (via Industry Gamers). "That’s right. A blog. I hate to pile on, but—in essence—Sony put the burden on consumers to 'search' for information, instead of accepting the burden of notifying them. If I have anything to do with it, that kind of half-hearted, half-baked response is not going to fly in the future.
"For me, the single most important question is simply this: Why weren’t Sony’s customers notified sooner of the cyberattack? I fundamentally believe that all consumers have a right to know when their personal information has been compromised, and Sony - as well as all other companies—have an overriding responsibility to alert them... immediately."
The hearing was set to discuss the risk to consumers over the PSN data breaches, how the current investigation was going, what the current industry data security practices are comprised of along with how they can be changed, and what, if anything, can be used technologically to stop beaches like this in the future.
Not only was Sony being discussed, but also recent data breaches from Epsilon and ChoicePoint were pondered during the hearing as well.
Sony was not involved with the hearing, as it stated yesterday it was currently still involved in the investigation, but planned to comply with the deadline set by the hearing committee in answering all questions posed to it. This response, was posted earlier by Sony via its official PS Blog, and in it the firm blamed hacker group Anonymous for the recent security breach.
According to Sony, it found a file called Anonymous in its system files with the phrase "We Are Legion" attached to it.
"[Sony and Epsilon] must shoulder some of the blame for these stunning thefts, which shake the confidence of everyone who types in a credit card number and hits 'enter'," said Bono-Mack. "As Chairman of this Subcommittee, I am deeply troubled by these latest data breaches, and the decision by both Epsilon and Sony not to testify today. This is unacceptable.
"According to Epsilon, the company did not have time to prepare for our hearing—even though its data breach occurred more than a month ago. Sony, meanwhile, says it’s too busy with its ongoing investigation to appear. Well, what about the millions of American consumers who are still twisting in the wind because of these breaches? They deserve some straight answers, and I am determined to get them."
The need to protect consumers via federal notification laws was also discussed, and if drafted and passed, it would make it a federal law for companies to notify consumers immediately should such a security breach occur again. Currently, laws such as this vary from state to state, with some not having a law on the matter present on the books at all.
Witnesses participating the hearing included: David Vladeck, director of the Federal Trade Commission's Bureau of Consumer Protection along with Pablo Martinez, deputy special agent in charge of criminal investigations at the United States Secret Service.
Consumer advocate Justin Broookman and Technology and information security expert Eugene Spafford of Purdue University also participated.