Why It Took Sony 7 Days To Alert PSN Users To The Security Breach

Personal details, and maybe even credit card details as well, have been stolen from the PlayStation Network after hackers broke into the system sometime before April 19. But why did it take Sony so long to tell its customers - me! You! Your neighbour! - that they were hacked?

Sony took to its blog to explain just why:

"There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised. We learned there was an intrusion 19th April and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly yesterday evening."

Yesterday evening being April 26, exactly seven days since Sony learnt its security had been compromised. In this day and age where we're accustomed to being alerted to privacy infringements straight away - I mean, how many emails have you had from e-tailers apologising about a possible security breach recently? - it's shocking that it should take Sony seven days to cough up and explain what happened.

Oh, sorry - perhaps Sony's CSI agents were too busy doing their "forensic analysis". [PlayStation Blog via Kotaku]


Comments

    Perhaps Sony wanted to know exactly what happened to better explain to the customers? Sure we get those emails sometimes, but all it says is, "there's been a breach," I am a PSN customer, now i know they're taking appropriate action to make sure it never happens again.

    It took them 7 days to figure out there was no way to sugar coat it.

    David no offense but if you follow the hacking scene you'll realise what a joke Sony's security has been. It's basically since they've taken away OtherOS that all this has started.

    I still haven't had an email from them - has anyone else been informed?

      I literally just got mine 2 minutes ago...

    Checked my email before leaving for work - still nothing.

    I got an E-mail yesterday morning, and I agree - There's just -no- excuse in this day and age for taking such a long time to let anybody know what was going on.

    A professional, and respectable action would have been to alert users to an intrusion. If that happens, people should be looking to change their passwords straight away, irregardless of whether you know what data is taken.

    Then, when you know exactly what's happened, you can tell people some more. That would be breed confidence, and show that you as a company, take users rights, security, and wellbeing seriously.

    But of course, we're talking about Sony.

Join the discussion!

Trending Stories Right Now