PSN data breach angers CT Senator

Senator Richard Blumenthal (D-CT) drafted a letter to SCEA president Jack Tretton, citing their "troubling lack of notification" as reason to provide free financial data security services to users.

7

It's only been a few hours since Sony bit the bullet and admitted a user data breach was behind the PlayStation Network outage, but already one elected representative has expressed anger at the company's response to the situation. Senator Richard Blumenthal (D-CT) drafted a letter (via Joystiq) to SCEA president Jack Tretton, noting Sony's lack of response and calling for action on behalf of PlayStation Network users.

In the letter, Blumenthal expresses concern that "users' personal and financial information may have been inappropriately accessed by a third party," and calls the time it took Sony to notify users "troubling." He notes that Sony hasn't specified how it intends to protect users, and says that Sony owes PlayStation Network customers "free access to credit reporting services, for two years, the costs of which should be borne by Sony."

Check out the full letter below, and take some solace that at least once in a while, an elected representative gets fired up about protecting constituents.

Dear Mr. Tretton:

    I am writing regarding a recent data breach of Sony’s PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.

    It has been reported that on April 20, 2011, Sony’s PlayStation Network suffered an “external intrusion” and was subsequently disabled. News reports estimate that 50 million to 75 million consumers – many of them children – access the PlayStation Network for video and entertainment. I understand that the PlayStation Network allows users to store credit card information online to facilitate the purchasing of content such as games and movies through the PlayStation Network. A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.

    When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.

    I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.

    PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained. I appreciate your prompt response on this important issue.

    Sincerely,

    /s/

    Richard Blumenthal

    United States Senate

Editor-In-Chief
From The Chatty
  • reply
    April 26, 2011 4:00 PM

    Steve Watts posted a new article, PSN data breach angers CT Senator.

    Senator Richard Blumenthal (D-CT) drafted a letter to SCEA president Jack Tretton, citing their "troubling lack of notification" as reason to provide free financial data security services to users.

    • reply
      April 26, 2011 4:02 PM

      [deleted]

    • reply
      April 26, 2011 4:05 PM

      maybe they'll reward us by removing PS Home

    • reply
      April 26, 2011 4:07 PM

      He's just angry he can't play right now.

    • reply
      April 26, 2011 4:08 PM

      Ploy for attention -- SUCCESSFUL!

    • reply
      April 26, 2011 4:19 PM

      o snap!

    • reply
      April 26, 2011 4:25 PM

      I do agree that the time they took to let us know was a bit alarming. The fact that your personal and financial data may be compromised is something users of your service should know up front.

      • reply
        April 27, 2011 6:08 AM

        They probably didn't know for sure that the personal and financial info was compromised. I doubt any company is going to start sending out warnings until they know for sure that they have to.

        • reply
          April 27, 2011 7:51 PM

          that's not how it works, I worked as a database admin for a small startup e-commerce back in 2000-2004. we were using Microsoft Back Office & Site Server. both Site Server & SQL server logged every query & transaction tht took place on that network. now, lets say you suspect your accounts were compromised, all you'd need to do was make a query of any user accessing every user record during the target timeframe & you'd get the results within 20 minutes tops. that was with our network back in 2000. I refuse to believe that Sony has something less than we did. sorry, not buying it

    • reply
      April 26, 2011 4:26 PM

      [deleted]

    • reply
      April 26, 2011 4:27 PM

      I do agree that the amount of time it took for them to notify us is a bit alarming. If the personal and financial data of your service's users is compromised, that seems like something you should tell them at the earliest possible moment.

      • reply
        April 26, 2011 4:27 PM

        Oops, double/triple post. Page didn't refresh correctly, thought my post didn't make it.

        GO SONY.

    • reply
      April 26, 2011 4:28 PM

      I generally am not a fan of Blumenthal but in this case he is correct....it took nearly *one week* for Sony to admit our data had been breached...who knows what havoc could have been wrought in that period of time.

    • reply
      April 26, 2011 4:35 PM

      GO GO Senator,

    • reply
      April 26, 2011 4:51 PM

      Daaaaad, why can't I play CODBLOPS??? Can't you do something? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad?Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad?Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad?Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad? Dad?

      OKAY FUCK SAKES STOP BUGGING ME. I'll write the letter.

    • reply
      April 26, 2011 5:01 PM

      Lordkat called it first on 23.4.011


      http://www.lordkat.com/week-games-042311-psn-woes.html

    • reply
      April 26, 2011 5:12 PM

      [deleted]

      • reply
        April 26, 2011 5:36 PM

        Does that mean he also makes good on his claims/promises, etc.? Couldn't quite tell if you're saying this as in a good thing.

        • reply
          April 26, 2011 6:02 PM

          [deleted]

        • reply
          April 27, 2011 8:20 PM

          Making Sony pay for being retarded is good. Any congressional witch hunt in which these fuck faces get to sit on camera and act all butt hurt and important is bad.

Hello, Meet Lola