With the shock wearing off after yesterday's announcement about the scope and magnitude of the hacker attack on the PlayStation Network, Sony is now having to deal with the ugly public relations fallout.
Gardner analyst Avivah Litan says the incident is the largest theft of personal information to ever occur. That has spurred politicians in two countries to demand answers. And, as expected, the first of what will likely be several lawsuits has already been filed.
Senator Richard Blumenthal was the first to publicly chastise Sony for the data breach, which saw personal information for more than 70 million subscribers hijacked by hackers. In an open letter to the company, the Connecticut democrat made several demands of the company.
"It is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised," he wrote. "Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft."
In Britain, meanwhile, the Information Commissioner's Office says it will determine whether Sony adequately protected customer's credit card information, saying "any business or organization that is processing personal information in the UK must ensure they comply with the law, including the need to keep data secure".
Meanwhile, in the Northern District of California, a lawsuit has been filed on behalf of Kristopher Johns, 36, of Birmingham, Ala., saying Sony did not take " "reasonable care to protect, encrypt, and secure the private and sensitive data of its users."
The suit seeks monetary compensation and free credit card monitoring. It is seeking class action status
Sony, for its part, denies that it intentionally withheld the severity of the breach from its customers.
"We learned there was an intrusion April 19th and subsequently shut the services down," the company said in a blog posting. "We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly [Tuesday] afternoon."