Congressional Hearing Regarding Data Security Today – Have Sony’s Answers Sufficed?
Sony has been in some real hot water lately, ever since it was let out that not only was the PlayStation Network breached, but that account information for over 77 million accounts had been compromised. Governments have gotten involved, including statements from Japanese Senator Yukio Edano, and now the United States Congress. A hearing is scheduled for today following a letter written to Sony (available after the jump). Will the troubled company’s answers be sufficient?
While the hearing‘s purpose is to “examine risks related to data breaches,” there is also going to be reporting on “the state of ongoing investigations,” which will no doubt include mention of the Sony breach. While Sony is not going to be present at the hearing, they did apparently promise to answer the 13 questions posed to them earlier than asked (the letter, addressed to Mr. Kazuo Hirai, asks for answers by Friday, while Sony stated they would have answers as of last night.). The questions from Mary Bono Mack, Replublican Representative for California’s 45th congressional district, and G.K. Butterfield, Democrat for North Carolina’s 1st congressional district, are as follows:
- When did you become aware of the illegal and unauthorized intrusion?
- How did you become aware of the breach?
- When did you notify the appropriate authorities of the breach?
- Why did you wait to notify your customers of the breach?
- Was the information obtained applicable to all accounts or a portion of the accounts? How many consumers or accounts were impacted by this breach, and how did you ascertain the number?
- Have you identified how the breach occurred?
- Have you identified the individual(s) responsible for the breach?
- What information was obtained by the unauthorized individual(s) as a result of this breach, and how did you ascertain this information?
- How many PlayStation Network account holders provided credit card information to Sony Computer Entertainment?
- Your statement indicated you have no evidence at this time that credit card information was obtained, yet you cannot rule out this possibility. Please explain why you do not believe credit card information was obtained and why you cannot determine if the data was in fact taken.
- What steps have you taken or do you plan to take to prevent future such breaches?
- Do you currently have a policy that addresses data security and retention practices? If not, why not? If so, what are those practices and do you plan any changes in your policies as a result of this breach?
- What steps have you taken or do you plan to take to mitigate the effects of this breach? Do you plan to offer any credit monitoring or other services to consumers who suffer actual harm as a result of this breach?
So it remains to be seen if Sony answered when they said they would, and if those answers would be enough for everyone waiting. Take a look at grabs of the full letter and hearing memo below, and let us know what you think. Stay with PlayStation LifeStyle for more on this pressing issue as it develops.