Date: May 2nd, 2011
As of this morning, 11 days have passed since Sony's major security breach and the PlayStation Network was taken down. On day one, they shut the network down and declared an investigation. It was shortly after this investigation that they declared a security breach, and I believe six days had passed before they disclosed that credit card numbers may have been compromised.
So far, the American and Canadian authorities have gotten involved to both figure out how to catch the hackers and possibly to put the screws to Sony.
And things have just gotten worse: Sony Online Entertainment has suffered the same fate as the PlayStation Network, and Sony has stated that thousands of credit card numbers may be compromised.
Now, before I continue with this, I will tell you right now that I am not a corporate apologist. Quite the opposite, in fact. Aside from the facts, or what Jean Chretien would call “Da proof is da is da proof”, my analysis comes from IT experience.
So, what's to be said about all of this? First, Sony did the right thing: they pulled the plug at the first sign. Now, with the plug pulled, the users should have gotten a clue that something was wrong with the network.
Second, Sony released information after they knew what was going on and not before. In IT, this is all you can do. You don't want to speculate or assume, especially in the face of potential identity theft.
After Sony initially announced a security breach, users that have credit cards on their accounts should have taken the appropriate measures to protect themselves. They didn't. I'm not saying that the customer is wrong. However, we were all made aware that a security breach took place; we shouldn't sit idly by waiting for the worst to happen and we have a responsibility to be proactive when a service which contains our identification is broken into. Even when Anonymous broke in, we should have been alerting our banks and creditors.
And finally, the government agencies initially went after Sony instead of the organised criminals who broke in after Anonymous initially broke the system. I realise that this probably has something to do with a six-day wait for this information, but again, IT guys don't cry wolf. Unless they want million-dollar servers, then it's okay (no, it's not). Thankfully, this has turned around, but the knee-jerk reactions from the supposedly calm and collected individuals that are supposed to represent us were both premature and immature. As others have said, “stop blaming the victim(s)”.
This debacle is a right mess, but I'm glad that it is being handled, as slowly as that may be. Undoubtedly, Sony will compensate its users, and hopefully you guys who are aware of this breach have already contacted the financial folks that you need to.
Breaches happen, no matter how secure your network is. It doesn't matter if it's cheap Wi-Fi or a multi-billion-dollar fiber network; it can and will happen. All you can do is shut things down, assess and rebuild. Sony's got a huge network and they have to work around not only the size of their network, but any red tape imposed by Japan's most recent natural disaster. It can't be easy.
I hope that they can resolve this as quickly and painlessly as possible, and I hope you, the customer, remember to protect yourself from identity theft.
When it happens, all you can do is stem the tide.