UPDATE: Sony’s deadline from last Sunday of “within one week” has been delayed. Read about it direct from Sony here.
Every day brings new Playstation Network news, so here’s your latest batch. Sony President Howard Stringer has released an official, open apology to all users for the outages. The letter reiterates a lot of thoroughly discussed points, reminding users that there is no data to suggest credit card misuse, and that Sony is fully cooperating with all intelligence agencies and governments in finding those responsible.
The company also stated that the rebuilding of the Playstation Network has entered the “final stages of internal testing”, although no relaunch date was given for the tweaked service. The news comes after Sony had received a subpoena from New York Attorney General Eric Schneiderman (via Bloomberg), for its delayed – and somewhat vague – notifying of its user’s on the breach.
As part of a compensation plan that already includes region-specific “entertainment content” and a free month of both Playstation Plus and Qriocity, Sony announced that they were partnering with Debix to offer players a free year of data protection. The “AllClear ID” program allows United States account holders to receive instant notifications of any information misuse, gives “priority access” to data care professionals, and up to $1 million in insurance for any malpractice within twelve months of signing up. Users should expect an email offer within the next few days, which will guide the sign-up process until the offer’s June 18th expiration.
The hacker group Anonymous has once again issued statements distancing themselves from the attacks, after Kazuo Hirai’s response to Congress implicated them in relation to documents found within Sony Online Entertainment servers. “Public support is not gained by stealing credit card info and personal identities,” Anonymous wrote in a press statement, “We are trying to fight criminal activities by corporations and governments, not steal credit cards.”
A congressional hearing on the matter puts more of the blame on Sony itself, particularly the testimony of Perdue University Computer Science professor Dr. Gene Spafford. Dr. Spafford reported that numerous, obvious weak-spots were shown in Sony’s armor when it was discovered that key parts of the Playstation Network ran on unpatched Apache servers that lacked even basic firewall protection. Spafford also suggested such weaknesses were widely suspected in information released in security mailing lists months before the initial outage.
“[Sony and Epsilon] must shoulder some of the blame for these stunning thefts, which shake the confidence of everyone who types in a credit card number and hits ‘enter’… As Chairman of this Subcommittee, I am deeply troubled by these latest data breaches, and the decision by both Epsilon and Sony not to testify today. This is unacceptable.” reprimanded Representative Mary Bono Mak (R-CA), in a larger House hearing back on May 4th, “According to Epsilon, the company did not have time to prepare for our hearing—even though its data breach occurred more than a month ago. Sony, meanwhile, says it’s too busy with its ongoing investigation to appear. Well, what about the millions of American consumers who are still twisting in the wind because of these breaches? They deserve some straight answers, and I am determined to get them…”
“Yet for me, the single most important question is simply this: Why weren’t Sony’s customers notified sooner of the cyberattack? I fundamentally believe that all consumers have a right to know when their personal information has been compromised, and Sony – as well as all other companies—have an overriding responsibility to alert them… immediately.” Bono Mak continued, “In Sony’s case, company officials first revealed information about the data breach on their blog. That’s right. A blog. I hate to pile on, but—in essence—Sony put the burden on consumers to ‘search’ for information, instead of accepting the burden of notifying them. If I have anything to do with it, that kind of half-hearted, half-baked response is not going to fly in the future.”
Will you sign up for an AllClear ID, E-Gs? Or are you just waiting for the Network to return so you can cancel your credit card? Tell us below in the comments section!