Sony has defended the length of time it took to disclose the massive data breach that left the personal details of up to 77 million customers in the hands of data thieves.
The Japanese gaming giant last night admitted that an ongoing outage on the PlayStation Network was down to a massive system breach, but the company sparked fury for delaying the announcement for a week.
Sony says the delay - following the intrusion between 17 April and 19 April - was necessary to give the company time to investigate the scale of the theft and to assess what information had been targeted.
“We learned there was an intrusion [on] 19 April and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident,” Patrick Seybold, corporate communications and social media director, said on the PlayStation blog.
“It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.”
However, Sony's tone did little to placate consumers, who felt they should have been alerted sooner – especially given that credit card details may have been compromised.
“Five days to come to the conclusion that credit-card data might have been compromised seems about four days too long,” posted Ratchet426 on the website.
“If there was enough of a perceived breach to shut the entire service down on the 19th I can’t imagine that a credit card data breach wasn’t also considered at the same time.”
This article originally appeared at pcpro.co.uk
Copyright © PC Pro, Dennis Publishing
Issue: 328 | June 2014
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.