Most Read: Business

 Last Update: 4:15 PM 03/27/2015(NASDAQ&DJIA) |

World Markets from      


Other Market Data from      


Key Rates from      


Blog Contributors

Timothy B. Lee

Timothy B. Lee

Timothy B. Lee covers technology policy, including copyright and patent law, telecom regulation, privacy, and free speech. He also writes about the economics of technology. He has previously written for Ars Technica and Forbes. You can follow him on Twitter or send him email.

Brian Fung

Brian Fung

Brian Fung covers technology for The Washington Post, focusing on electronic privacy, national security, digital politics and the Internet that binds it all together. He was previously the technology correspondent for National Journal and an associate editor at the Atlantic. His writing has also appeared in Foreign Policy, Talking Points Memo, the American Prospect and Nonprofit Quarterly. Follow Brian on Google+ .

Andrea Peterson

Andrea Peterson

Andrea Peterson covers technology policy for The Washington Post, with an emphasis on cybersecurity, consumer privacy, transparency, surveillance and open government. She also delves into the societal impacts of technology access and how innovation is intertwined with cultural development.

Post Tech
About / Where's Post I.T.?   |    Twitter  |   On Facebook  |  RSS RSS Feed  |  E-Mail Cecilia
Posted at 02:25 PM ET, 05/04/2011

House data breach hearing blasts Sony; legislation planned

House members at a panel hearing on data breach legislation Wednesday had harsh words for Sony and Epsilon, two companies that have suffered public data breaches in the past two months.

Both companies declined invitations to testify at the hearing.

Rep. Mary Bono Mack (R-Calif.), the subcommittee chair, said that Sony should have informed its consumers of the breach earlier and said its efforts were “half-hearted, half-baked.” She was paritcularly critical of Sony’s decision to first notify customers of the attack via its company blog, leaving it up to customers to search for infomation on the breach.

The company has come under fire not only for data breaches that compromised the personal details of millions of customers, but also for failing to let customers know of the breach until April 26, a week after it first discovered something was wrong with its servers.

In its reply to Bono Mack and subcommittee ranking member Rep. G.K. Butterfield (D-N.C.) Sony said that it waited to inform consumers until it had more complete information on the attack.

The firm said that it believes it has identified the cause of the attack, though not who is behind it. The company did, however, find evidence pointing to the hacktivist group Anonymous. The group has denied that it is responsible for the attack.

Sony also said that it has not received any reports of fraudulent credit card transactions linked to the attacks.

In testimony at the hearing, FTC’s David Vladeck, the head of the consumer protection bureau, restated that the agency supports national legislation requiring resonable security policies and notification requirements that can act as a floor for state data breach legislation.

Bono Mack said at the hearing that she will propose data breach legislation soon.

On Wednesday, the FTC also announced that it had settled with two companies, Ceridian Corporation and Lookout Services, that were charged with improperly protecting consumer data. Both companies agreed to orders that require a comprehensive information security program and independent security audits every other year for the next 20 years.

Related stories:

Sony reports 2nd security breach by hackers

Sony sued over PlayStation security breach and data theft

FBI looks into Sony’s PlayStation security breach

By  |  02:25 PM ET, 05/04/2011

Tags:  Privacy, FTC

Read what others are saying

    © 2011 The Washington Post Company