Sony, Epsilon execs support data breach bill

Jun 02, 2011 By JOELLE TESSLER, AP Technology Writer

(AP) -- Top executives from Sony and online marketing firm Epsilon told lawmakers Thursday that they support federal legislation that would require companies to promptly notify consumers if their personal information is stolen or exposed by a data breach.

Testifying at a House Commerce subcommittee hearing, the executives expressed support for national legislation to pre-empt a patchwork of varied state laws.

The House Commerce Subcommittee on Commerce, Manufacturing and Trade held Thursday's hearing after high-profile breaches at the two companies in recent months exposed email addresses and other personal information belonging to millions of consumers.

Sony, in particular, is facing questions about why it did not inform consumers more quickly after a massive cyber-attack targeted through its popular PlayStation Network and its network, compromising more than 100 million accounts.

Although Sony began investigating unusual activity on the PlayStation network on April 19, the company did not issue a public notice and begin emailing customers to alert them that their personal information had been taken until April 26. But Tim Schaaff, president of Sony Network Entertainment International, stressed in his testimony Thursday that Sony used a blog post to notify PlayStation Network customers that an intrusion had occurred as early as April 22.

Schaaff added that he believes the company struck the right balance by waiting until it had more information before informing consumers.

"Laws - and common sense - provide for companies to investigate breaches, gather the facts, and then report data losses publicly," he said. "If you reverse that order - issuing vague or speculative statements before you have specific and reliable information - you either confuse and panic people, without giving them useful facts, or you bombard them with so many announcements that they become background noise."

Still, Rep. Mary Bono Mack, R-Calif., criticized the company's handling of the matter. "In effect, Sony put the burden on consumers to search for information instead of providing it to them directly," said Bono Mack, who chairs the Subcommittee on Commerce, Manufacturing and Trade, which held Thursday's hearing. "That cannot happen again."

Bono Mack plans to introduce legislation that would require companies that hold consumer data to put in place security measures to protect that information, with even stronger safeguards for sensitive data such as credit card numbers. Her bill would also require companies to promptly notify consumers if that data has been compromised.

The attack targeting Sony was the second big data breach to grab headlines in recent months. Sony's problems came on the heels of a huge breach at Epsilon, a unit of Alliance Data Systems Corp. that handles email marketing campaigns for major banks, hotels and stores. Epsilon's customers include Citigroup Inc., JPMorgan Chase & Co., Best Buy Co. Inc., the Kroger Co. grocery chain, Walgreen Co.'s drugstores and the Hilton and Marriott hotel chains.

The hack into its systems resulted in the theft of potentially millions of email addresses, and in some cases customer names, that Epsilon Data Management LLC maintained on behalf of its clients. Although email addresses by themselves are of little use to criminals, they can be used in so-called "phishing" attacks. Such attacks trick consumers into revealing passwords, social security numbers and other sensitive data by sending them emails that appear to come from companies that they already patronize.

In her testimony Thursday, Jeanette Fitzgerald, general counsel of Epsilon, said the company acted quickly to launch an investigation, notify law enforcement and contact its clients as soon as a company employee detected suspicious activity on March 30. She added that the company tried to address consumer concerns by providing information on its website on April 1 and again on April 6, and by establishing a response center to answer questions from consumers and corporate clients.

Sony, too, has been working with law enforcement authorities to investigate the breaches that infiltrated its systems. And on Thursday, Sony said it is fully restoring its PlayStation Network in the U.S., Europe and parts of Asia after the attacks forced the company to shut the system down.
