Sony defends speed of notification of data breach
NEW YORK (Reuters) - Sony Corp has defended its response to a massive Internet security breach in a letter to Connecticut Senator Richard Blumenthal, who has accused the company of dragging its feet in notifying consumers.
Kazuo Kirai, the Japanese electronics company's group chief executive and president, wrote that Sony had worked as quickly as possible to notify consumers about the data theft. A copy of the letter, dated May 5, was obtained by Reuters on Friday.
Blumenthal, a former state attorney general, has said that Sony acted too slowly in sending out 500,000 emails per hour to consumers after the breach that exposed personal data of more than 100 million of its online video game users.
Sony has said it could not rule out that some 12.3 million credit card numbers had been obtained during the hacking.
The company, under fire since the breach, noticed unauthorized activity on its network on April 19, and reported it to the U.S. Federal Bureau of Investigation on April 22.
Kirai wrote that it took longer to send notices because "these emails are not 'batch' emails. The emails are individually tailored to our consumers' accounts."
He said the company had complied with various state laws by getting word out to consumers in blog posts on its PlayStation website.
The notification was blogged by Sony on April 26.
Kirai wrote that Sony had found itself "in the cross-hairs of controversy" and that cyber crime had become a widespread problem in society. "What happened to us, though more vast in scope, has happened to many others before," he said.
Blumenthal said in a statement on Friday that Sony had taken a "strong first step."
On Thursday, Sony's Chief Executive Howard Stringer broke his silence about the hacking by apologizing in a letter to consumers posted on PlayStation's website.
(Reporting by Liana B. Baker)