When there is a group of hackers who call themselves Anonymous and have no centralized membership criteria other than remaining anonymous, it is tempting to try to blame a massive security breach on them.
It is even more tempting when they took responsibility for an earlier security breach that made massive amounts of customer information. Oh, and when they admitted to attack your web site, a few weeks prior to the criminal hack.
But when you are the CEO of Sony and are already under fire for not telling people about the breach until a week after it happened, you may be forced to admit that basically, you have no idea what happened.
Sony declined to attend a hearing hosted by the House Subcommittee on Commerce, Manufacturing and Trade called “The Threat of Data Theft to American Consumers,” but did respond to a letter they had received from the subcommittee. They also posted the letter on their website. Had they read the letter they were responding to more carefully, they might have known that blog-posting does not go over well with the subcommittee.
“In Sony’s case, company officials first revealed information about the data breach on their blog. That’s right. A blog. I hate to pile on, but—in essence—Sony put the burden on consumers to “search” for information, instead of accepting the burden of notifying them. If I have anything to do with it, that kind of half-hearted, half-baked response is not going to fly in the future,” wrote committee chairperson Rep. Mary Bono Mack.
Follow Ben Popper via RSS.