Thursday, April 28, 2011

Sony PlayStation Waits 6 Days to Inform Customers of Security Breach... Insulting Move


A week ago the PlayStation Network (PSN) went down. PSN provides online community gaming, online purchases, access to Netflix installed on PS3, movie purchases, game extensions, and other similar services. The network became and still is unavailable. After more than 24 hours of downtime, I advised my boyfriend, an avid user of PSN, to do what most consumers would do: check the company website. The official PlayStation site gave no reason for the downtime but stated it was for “maintenance”.

On April 26, 6 days after PSN went down, Sony released a statement that PSN had been hacked. Log in information, names, birthdates, passwords, and addresses had been taken by hackers; credit card information along with all purchases made through the network may have also been taken. An email was sent out to PSN subscribers advising them of the breach and to watch out for scams, any contact from Sony (according to them Sony would never contact for more personal information), and unauthorized credit card purchases. According to “Sony Faces Lawsuit, Regulators’ Probe over PlayStation Hack” by Cliff Edwards, Karen Gullo, & Michael Riley of Bloomberg, Sony’s 6 day wait in informing consumers of the breach has also inspired investigations by Ireland, the U.S., and Britain and a lawsuit.

All three countries are seeking information concerning the breach and the reasons it took Sony so long to make an official statement on the breach. The breach occurred April 17 to April 19. According to the article and news reports, Sony shut down the network because of the breach.

“It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly.”
-Patrick Seybold, a Sony spokesman

Its understandable the need to fully inform themselves about the breach but the least Sony could have done was state PSN was down because of a breach. And as they found out information, they should have steadily updated consumers.


“The PlayStation Network has 36 million subscribers in the U.S., 32 million in Europe, and 9 million in Japan and the rest of Asia”. That’s 77 million subscribers left in the dark for 6 days about the PSN blackout. While some are probably mad about PSN being down, my concern, subscribers’ concerns, and governments are about the delay in informing consumers. Hacking and security breaches can happen to any company. In trying to find the most up-to-date news on PlayStation, I came across an article in which the writer exclaimed everyone should get over the network being down because Xbox, PlayStation’s biggest competitor, has had similar hacking issues. This is a great point. But the most important issue is the lack of information.

Privacy breaching is a serious matter. It's the reason many pay for credit monitoring and companies have sprung up offering “life security”, protection of our most personal and valuable data. When and if my personal information is stolen, I need to be aware of it A.S.A.P. When I found out the reason for the downtime was indeed hacking (if you think about it, no company would shut down an international network for days just for “maintenance”), I was angry, appalled, and pissed. I’m not a serious gamer but I do enjoy my PS3 for its blu-ray capabilities, playing music, and the few games I do play. Regardless of the level of gaming of a consumer or if you are a family member who purchased it for a loved one, especially a child, the 6-day delay for information is insulting. It seems as if Sony does not value its consumers or at least the privacy of their information.

PSN is a free service. Many will argue this is result of getting something for free. But… just because the service is free does not mean I am denied the right of privacy and protection of my information. Most social media, a log in to Amazon, mint.com, most online banking and many other services are free. If those services went down due to hacking and consumers were informed 6 days later, people would be just as easily pissed. So please don’t dismiss this post as one pertaining to gamers. This is about privacy, customer service, and most importantly what to do when your business is compromised.

Waiting 6 days to release a statement about the reasons behind the blackout was a stupid move. It will cost Sony. There’s the lawsuit, which “alleges the delay left PlayStation users exposed to losses related to any credit-card data theft.” According to the article, Sony’s stock fell 4.8% “headed for its lowest close since July 2009”.  The article also stated Sony could loss millions and millions of dollars as most companies in similar situations have spent as much climbing themselves out their security breach hole. Also many consumers who have considered flocking to stores in the past week to buy a PS3 are probably changing their minds, some current customers are probably going to switch consoles (I am seriously thinking of doing so), and consumer groups will probably attack Sony.

The biggest lesson for others who might end up with a security breach compromising consumer information and shutting down their service: think of your consumers. They need to know information as often as you get it. The longer you delay, the more time they have to consider leaving you; without consumers, you have no business. Unless you have monopolized your service or become invincible, you do not have the power to leave consumers in the dark. I’m not trying to call for the destruction of Sony because many enjoy their products. As mentioned, this can happen to anyone. The issue at hand is the way it is being handled. So far, Sony has done a not-so-great job. They have not released news about when PSN will be back up. This means consumers cannot change log in information until then. Hopefully, Sony has a better game plan and understands the scope of their 6-day decision.

No comments:

Post a Comment