A View from David Talbot
Sony Unit Quick to Fess up on Breach
A small Canada attack gets a rapid response.
A month ago Sony came in for heavy criticism for taking a week to tell PlayStation Network users that their personal information had been exposed in a massive hacking breach. Yesterday a unit of the company showed itself to be very speedy in fessing up to smaller losses, this time in Canada.
Yesterday, Sony Ericsson Canada’s eShop, an online store for phones and accessories, was breached. A Sony Ericsson spokesperson was quite specific in saying that “approximately 2,000 customer records, including first name, last name, email addresses and the hash of the encrypted passwords were obtained by an outside party.” Sony Ericsson has taken down the website, which was externally hosted.
Contrast that rapid disclosure with Sony’s behavior last month. On April 20, it shut its PlayStation Network and streaming-media Qriocity network, following a breach that took place between April 17 and 19. But it wasn’t until April 26 that Sony finally issued a detailed statement confirming that names, addresses, birthdates, e-mail addresses, and other information had been exposed or stolen.
Last week two members of Congress sent this letter to the company seeking the updated tally on the damage done by that attack, which Sony said was the biggest ever to hit a company. The politicians asked for a response by May 25. There was no immediate word on whether Sony had provided one.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today