With the 25th anniversary of the Chernobyl disaster upon us, it only seems fitting that Sony has provided us with a modern day version of what not to do when a crisis hits. Just like Soviet officials 25 years ago today that failed to provide warnings or evacuate those impacted by the Chernobyl meltdown until days later, Sony has done the same thing to their 70+ million subscribers affected by last week's data breach.
In a
post from earlier today, we passed along the update from Sony and the letter they would be sending out to all of the
PlayStation Network and
Qriocity account holders indicating that their personal data and account information had been breached. According to that letter, the data breach occurred between 4/17 and 4/19, but PSN wasn’t brought down until 4/20 and the public wasn’t notified until 4/26 that their data was compromised. On top of that, Sony has indicated that they do not believe, but cannot guarantee, that credit card info was stolen along with the personal and account data. So the hackers have had over a full week to use or sell the data they pulled from Sony without anyone of us knowing it.
This type of data breach and theft has happened many times in recent history (Retailers, Universities, etc) and can be hard to detect and harder to determine what was compromised. Unfortunately, Sony’s failing was to leave their subscriber base completely in the dark for seven days with vague updates hinting only that the service itself was disrupted. So for the last week, 70 million subscribers have been only worrying about when they would be able to get back online to play Black Ops, the new Mortal Kombat or watch a movie on Netflix, not that all of their personal info, and potentially credit card, was stolen.
Sony is now following the standard plan for data theft, which is to offer one-year free credit monitoring and stress that those affected keep an eye out for fraudulent activity. UPDATE: I completely misread the statement from Sony, as they are NOT offering the standard one year of credit service monitoring that other retailers and entities have offered when data is compromised. This is an even bigger slap in the face to the subscribers.
I would hope that this is not the only form or compensation that Sony offers their subscribers. Not only was our personal data breached, but so was our trust. Sony needs to do something other than follow the “oops, we screwed up and left data exposed playbook.” They need to earn our trust again and prove that our data will be safe and give us some sort of parting gift for the hassle of having to watch our backs because of their screw up. I don’t have any clue what that may be, but Sony needs to think long and hard about how they could have better handled this mess and learn from their mistakes.
This is an opinion piece and reflects the views of the author, and not necessarily those of the site and its administrators