A key House lawmaker investigating the recent breach of Sony’s PlayStation Network said on Thursday that the company appears more focused on casting itself as the victim than on providing answers that might help avert future incidents.
Rep. Mary Bono Mack, R-Calif., chairwoman of the Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade, said she is not satisfied by the answers the company provided to written questions from her panel. Sony declined to have a representative testify at a hearing Bono Mack’s panel held on Wednesday.
“They are contending that that they are victims here,” Bono Mack said on Thursday during an appearance on C-SPAN’s The Communicators, scheduled to air on Saturday. “But there is a two-tier victimization process here. There is the Sony side and there is the 100 million consumers who are also potential victims here.”
Sony revealed last month that its PlayStation Network had been hacked and that data -- including names, birth dates, and password information -- related to 77 million accounts had been stolen. It reported a second hacking incident a few days later involving 24.6 million Sony Online Entertainment accounts.
Sony's was the second major data breach in recent months. E-mail marketer Epsilon revealed in March that an intrusion into its systems had resulted in the loss of the names and e-mail addresses of millions of customers of major U.S. companies such as Best Buy, J.P. Morgan Chase, and Walgreens.
Bono Mack said the answers from both Epsilon, which also declined to testify, and Sony raised more questions that her panel plans to pursue. She said both companies have not ruled out testifying at a future ruling. She also voiced concern about when and how Sony notified consumers about the data breach. The company waited almost a week to notify its PlayStation customers about the incident and did so by posting the information on its blog.
“I don’t know if I can identify a specific time or a specific manner, but I can speak to the voices of consumers who say ‘I have the right to know as soon as possible,’ ” she said.
“Epsilon and Sony are victims as well, but, again, we need answers to craft wise policy.”
Bono Mack is working on legislation to be introduced, possibly in the next few weeks according to an aide, to give consumers more protections when data breaches occur. It will be based on legislation introduced in previous years by Reps. Cliff Stearns, R-Fla., and Bobby Rush, D-Ill.
On Wednesday, Rush, who chaired Bono Mack’s subcommittee in the last Congress, reintroduced his data-breach bill. It would require companies to adequately secure personal information and to notify consumers and the Federal Trade Commission when a breach occurs.
The Senate Commerce Committee said on Thursday that it would hold a hearing next week on the economic ramifications of cyberattacks on private companies. Representatives from two private companies, IBM and Verizon, along with the FBI are slated to testify.
Want the news first every morning? Sign up for National Journal’s Need-to-Know Memo. Short items to prepare you for the day.