Why It Took Sony Seven Days to Alert PlayStation Network Users to the Security Breach

Personal details, and maybe even credit card details as well, have been stolen from the PlayStation Network after hackers broke into the system sometime before the 19th of April. But why did it take Sony so long to tell its customers—me! You! Your neighbor!—that they were hacked?


Sony took to its blog to explain just why:

"There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised. We learned there was an intrusion 19th April and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly yesterday evening."

Yesterday evening being the 26th of April, exactly seven days since Sony learnt its security had been compromised. In this day and age where we're accustomed to being alerted to privacy infringements straight away—I mean, how many emails have you had from e-tailers apologizing about a possible security breach recently?—it's shocking that it should take Sony seven days to cough up and explain what happened.

Oh, sorry—perhaps Sony's CSI agents were too busy doing their "forensic analysis." [PlayStation Blog via Kotaku]



When did they tell their customers? Because my email account tied to PSN has received nothing about this. A press release does not count as telling their customers. They have my contact info, but I'm supposed to read their blog to keep up with their screw-up? If I owed them money they would email me, if I spent money on PSN they would email me, if I broke the rules and hacked my PS3 they would email me, but they screw up and it's silence.