Why is Sony so Reluctant to Release Security Breach Details?

As anybody who's tried to connect their Playstation 3's to Playstation Network in the last week knows, PSN is currently down, and has been so for over a week now. With any luck, by the time you read this the servers will be repaired (the target date is Tuesday, May 3, according to Sony's blog), but even if they hit their deadlines, the service will have been down for almost two weeks. I'm sure some of you have also heard the rumors about the cause of the problem being attacks from "hacktivist" group Anonymous in response to Sony's recent lawsuit with hacker George Hotz, Amazon's coincidental failure of their cloud-based servers, which seemed simultaneous with Sony's problems, and a custom firmware that was allowing some users to download games from the Playstation Store for free have all been passed around the rumor mill as potential causes for Sony's problem. However, Sony has finally made an official statement about the problem and the reality is much worse than any of the rumors.

According to Sony's blog (www.blog. us.playstation.com), the PSN outage was caused by an attack on the Playstation servers, resulting in some users' confidential information being compromised. While Sony cannot be certain that credit card information was accessed, they also can't rule out the possibility and they are warning that all of their users read their bank statements carefully for the next few months to detect any possible fraudulent activity.

While the attacks certainly aren't Sony's fault, they did mishandle almost everything that they were in charge of. For instance, it took them three days to say anything about the cause of the problem. I don't mind not being able to play online, but when the reason I can't play online is because my credit card information might have been stolen, I'd like to know right away, even if it is just speculation. The fact that they did absolutely nothing for three days is unacceptable. Luckily, they seem to be trying very hard to make sure that there will be no more attacks but that still does little to ease my mind. In an age where addressing your customers is as easy as typing a few sentences and hitting enter, Sony has no excuse for sitting on the information for as long as they have.

So far, the only thing that Sony has been able to do is shrug when asked any important questions. When we asked why the service was down, they shrugged their shoulders for three days before giving us any details. When we asked if our credit card information was stolen, they shrugged their shoulders and said, Maybe... I don't know. When we asked when the service would be back up, we got the same response for a long time. But they have told us something: We need to change any passwords that are the same as our PSN password. Oh, and all of our trophies will be there when the service gets back online. Great, that's a relief (note sarcasm). Hopefully, Sony learns from this mistake and can improve their PR in the future. Let's also hope that this never happens again, just in case Sony doesn't improve.