Sony's Security Breach Shows Perils of Secrecy

After PlayStation Network was hacked into, the company should have been quicker to share information with users, experts say.

  • Tuesday, May 24, 2011
  • By David Talbot

The damage done by the attack on Sony's PlayStation Network last month—an event that exposed personal information on 100 million accounts—is still being calculated, but was magnified when Sony offered only delayed and incomplete information to users, some experts say.

Sony faces numerous Congressional requests, including one made last week, as well as subpoenas from New York's attorney general, seeking more information about what data was stolen and the nature of its security defenses.

Howard Stringer, chief executive of Sony, has said the breach is the largest of its kind ever experienced by a company. But the details of the attack are still largely murky. "We have this problem with all such attacks. We never know what happened, how bad it is, what they did, or how they did it. Nothing," says Bruce Schneier, a renowned security expert. "There is no visibility at all, and Sony is particularly ham-fisted about saying stuff and then retracting it."

In a response to an earlier letter from Congress, Sony said it faced an "extraordinary" situation in which information about the intrusion "was neither immediately nor easily obtainable," and it acted prudently in shutting the network down quickly while investigating what had happened.

Sony shut down the PlayStation Network from April 20 until May 15, when the company started getting its networks back online. Sony estimates that the incident cost $171 million.

Although the attack started sometime between April 17 and April 19, it wasn't until April 26 that Sony announced that massive amounts of personal information had been exposed. For seven days, Sony made only cryptic statements to explain network outages. On April 20, the company published a one-line blog post saying: "We're aware certain functions of PlayStation Network are down. We will report back here as soon as we can with more information."

On April 21, Sony said it was still investigating. On April 22, it said there had been an "external intrusion on our system." On April 23, it said it was "rebuilding our system to further strengthen our network infrastructure" in part to "provide the system with additional security."
