Sony, Epsilon execs support data breach bill

June 2, 2011 By JOELLE TESSLER, AP Technology Writer

(AP) -- Top executives from Sony and online marketing firm Epsilon told lawmakers Thursday that they support federal legislation that would require companies to promptly notify consumers if their personal information is stolen or exposed by a data breach.

Testifying at a House Commerce subcommittee hearing, the executives expressed support for national legislation to pre-empt a patchwork of varied state laws.

The House Commerce Subcommittee on Commerce, Manufacturing and Trade held Thursday's hearing after high-profile breaches at the two companies in recent months exposed email addresses, and other personal belonging to millions of consumers.

Sony, in particular, is facing questions about why it did not inform consumers more quickly after a massive cyber-attack targeted through its popular PlayStation Network and its network, compromising more than 100 million .

Although Sony began investigating unusual activity on the PlayStation network on April 19, the company did not issue a public notice and begin emailing customers to alert them that their personal information had been taken until April 26. But Tim Schaaff, president of Sony Network Entertainment International, stressed in his testimony Thursday that Sony used a blog post to notify PlayStation Network customers that an intrusion had occurred as early as April 22.

Schaaff added that he believes the company struck the right balance by waiting until it had more information before informing consumers.

"Laws - and common sense - provide for companies to investigate breaches, gather the facts, and then report data losses publicly," he said. "If you reverse that order - issuing vague or speculative statements before you have specific and reliable information - you either confuse and panic people, without giving them useful facts, or you bombard them with so many announcements that they become background noise."

Still, Rep. Mary Bono Mack, R-Calif., criticized the company's handling of the matter. "In effect, Sony put the burden on consumers to search for information instead of providing it to them directly," said Bono Mack, who chairs the Subcommittee on Commerce, Manufacturing and Trade, which held Thursday's hearing. "That cannot happen again."

Bono Mack plans to introduce legislation that would require companies that hold consumer data to put in place security measures to protect that information, with even stronger safeguards for sensitive data such as credit card numbers. Her bill would also require companies to promptly notify consumers if that data has been compromised.

The targeting Sony was the second big data breach to grab headlines in recent months. Sony's problems came on the heels of a huge breach at Epsilon, a unit of Alliance Data Systems Corp. that handles email marketing campaigns for major banks, hotels and stores. Epsilon's customers include Citigroup Inc., JPMorgan Chase & Co., Best Buy Co. Inc., the Kroger Co. grocery chain, Walgreen Co.'s drugstores and the Hilton and Marriott hotel chains.

The hack into its systems resulted in the theft of potentially millions of email addresses, and in some cases customer names, that Epsilon Data Management LLC maintained on behalf of its clients. Although email addresses by themselves are of little use to criminals, they can be used in so-called "phishing" attacks. Such attacks trick consumers into revealing passwords, social security numbers and other sensitive data by sending them emails that appear to come from companies that they already patronize.

In her testimony Thursday, Jeanette Fitzgerald, general counsel of said the company acted quickly to launch an investigation, notify law enforcement and contact its clients as soon as a company employee detected suspicious activity on March 30. She added that the company tried to address consumer concerns by providing information on its Website on April 1 and again on April 6, and by establishing a response center to answer questions from consumers and corporate clients.

Sony, too, has been working with law enforcement authorities to investigate the breaches that infiltrated its systems. And on Thursday, Sony said it is fully restoring its PlayStation Network in the U.S., Europe and parts of Asia after the attacks forced the company to shut the system down.
