House data breach hearing blasts Sony; legislation planned

by Hayley Tsukayama

House members at a panel hearing on data breach legislation Wednesday had harsh words for Sony and Epsilon, two companies that have suffered public data breaches in the past two months.

Both companies declined invitations to testify at the hearing.

Rep. Mary Bono Mack (R-Calif.), the subcommittee chair, said that Sony should have informed its consumers of the breach earlier and said its efforts were “half-hearted, half-baked.” She was particularly critical of Sony’s decision to first notify customers of the attack via its company blog, leaving it up to customers to search for information on the breach.

The company has come under fire not only for data breaches that compromised the personal details of millions of customers, but also for failing to let customers know of the breach until April 26, a week after it first discovered something was wrong with its servers.

In its reply to Bono Mack and subcommittee ranking member Rep. G.K. Butterfield (D-N.C.), Sony said that it waited to inform consumers until it had more complete information on the attack.

The firm said that it believes it has identified the cause of the attack, though not who is behind it. The company did, however, find evidence pointing to the hacktivist group Anonymous. The group has denied that it is responsible for the attack.

Sony also said that it has not received any reports of fraudulent credit card transactions linked to the attacks.

In testimony at the hearing, FTC’s David Vladeck, the head of the consumer protection bureau, restated that the agency supports national legislation requiring reasonable security policies and notification requirements that can act as a floor for state data breach legislation.

Bono Mack said at the hearing that she will propose data breach legislation soon.

On Wednesday, the FTC also announced that it had settled with two companies, Ceridian Corporation and Lookout Services, that were charged with improperly protecting consumer data. Both companies agreed to orders that require a comprehensive information security program and independent security audits every other year for the next 20 years.

Hayley Tsukayama covers consumer technology for The Washington Post.
