Sony, Epsilon execs support data breach bill

Jun 02, 2011 By JOELLE TESSLER , AP Technology Writer

(AP) -- Top executives from Sony and online marketing firm Epsilon told lawmakers Thursday that they support federal legislation that would require companies to promptly notify consumers if their personal information is stolen or exposed by a data breach.

Testifying at a House Commerce subcommittee hearing, the executives expressed support for national legislation to pre-empt a patchwork of varied state laws.

The House Commerce Subcommittee on Commerce, Manufacturing and Trade held Thursday's hearing after high-profile breaches at the two companies in recent months exposed email addresses, and other personal belonging to millions of consumers.

Sony, in particular, is facing questions about why it did not inform consumers more quickly after a massive cyber-attack targeted through its popular PlayStation Network and its network, compromising more than 100 million .

Although Sony began investigating unusual activity on the PlayStation network on April 19, the company did not issue a public notice and begin emailing customers to alert them that their personal information had been taken until April 26. But Tim Schaaff, president of Sony Network Entertainment International, stressed in his testimony Thursday that Sony used a blog post to notify PlayStation Network customers that an intrusion had occurred as early as April 22.

Schaaff added that he believes the company struck the right balance by waiting until it had more information before informing consumers.

"Laws - and common sense - provide for companies to investigate breaches, gather the facts, and then report data losses publicly," he said. "If you reverse that order - issuing vague or speculative statements before you have specific and reliable information - you either confuse and panic people, without giving them useful facts, or you bombard them with so many announcements that they become background noise."

Still, Rep. Mary Bono Mack, R-Calif., criticized the company's handling of the matter. "In effect, Sony put the burden on consumers to search for information instead of providing it to them directly," said Bono Mack, who chairs the Subcommittee on Commerce, Manufacturing and Trade, which held Thursday's hearing. "That cannot happen again."

Bono Mack plans to introduce legislation that would require companies that hold consumer data to put in place security measures to protect that information, with even stronger safeguards for sensitive data such as credit card numbers. Her bill would also require companies to promptly notify consumers if that data has been compromised.

The targeting Sony was the second big data breach to grab headlines in recent months. Sony's problems came on the heels of a huge breach at Epsilon, a unit of Alliance Data Systems Corp. that handles email marketing campaigns for major banks, hotels and stores. Epsilon's customers include Citigroup Inc., JPMorgan Chase & Co., Best Buy Co. Inc., the Kroger Co. grocery chain, Walgreen Co.'s drugstores and the Hilton and Marriott hotel chains.

The hack into its systems resulted in the theft of potentially millions of email addresses, and in some cases customer names, that Epsilon Data Management LLC maintained on behalf of its clients. Although email addresses by themselves are of little use to criminals, they can be used in so-called "phishing" attacks. Such attacks trick consumers into revealing passwords, social security numbers and other sensitive data by sending them emails that appear to come from companies that they already patronize.

In her testimony Thursday, Jeanette Fitzgerald, general counsel of said the company acted quickly to launch an investigation, notify law enforcement and contact its clients as soon as a company employee detected suspicious activity on March 30. She added that the company tried to address consumer concerns by providing information on its Website on April 1 and again on April 6, and by establishing a response center to answer questions from consumers and corporate clients.

Sony, too, has been working with law enforcement authorities to investigate the breaches that infiltrated its systems. And on Thursday, Sony said it is fully restoring its PlayStation Network in the U.S., Europe and parts of Asia after the attacks forced the company to shut the system down.

Explore further: Alibaba surges in Wall Street debut

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Sony, Epsilon execs to testify

Jun 02, 2011

(AP) -- Executives from Sony and online marketing firm Epsilon will go before lawmakers on Thursday to try to explain recent data breaches at their companies that have exposed email addresses, credit card numbers and other ...

Sony: Co. is victim of sophisticated cyber attack

May 04, 2011

The data breach of Sony's PlayStation Network resulted from a "very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes," ...

Sony to restore PlayStation Network by end of May

May 10, 2011

(AP) -- Sony said Tuesday it aims to fully restore its PlayStation Network, shut down after a massive security breach affecting over 100 million online accounts, by the end of May.

US banks, companies issue warning after email hack

Apr 04, 2011

Computer hackers gained access to the email addresses of customers of several large US banks and other companies in a potentially huge data breach at US online marketing firm Epsilon. ...

More Sony websites hacked, 8,500 Greek accounts hit

May 24, 2011

Sony on Tuesday said its websites in three countries had been hacked with 8,500 Greek user accounts compromised, in a blow to efforts to restore confidence after a huge data breach affecting millions.

Sony CEO apologizes for massive data breach

May 06, 2011

(AP) -- Sony Corp. Chief Executive Howard Stringer apologized for "inconvenience and concern" caused by the security breach that compromised personal data from more than 100 million online gaming accounts.

Recommended for you

Alibaba surges in Wall Street debut

11 hours ago

A buying frenzy sent Alibaba shares sharply higher Friday as the Chinese online giant made its historic Wall Street trading debut.

Alibaba makes Wall Street debut

16 hours ago

Alibaba made its long-awaited Wall Street debut Friday on the heels of a record stock offering that opens the door to global expansion for the Chinese online retail giant.

Alibaba IPO to boost employee fortunes to $8 bn

19 hours ago

Employees of Chinese e-commerce giant Alibaba will see their fortunes swell to nearly $8 billion as the company prepares a massive US stock offering that could be valued at $25 billion.

Alibaba mega IPO caps founder Jack Ma success tale

22 hours ago

When Jack Ma founded Alibaba 15 years ago he insisted the e-commerce venture should see itself as competing against Silicon Valley, not other Chinese companies. That bold ambition from a time when China was ...

User comments : 0