Sony defends response time to hacker
NEW YORK (Reuters) - Sony Corp's CEO was unapologetic about the company's delay in informing owners of more than 100 million accounts of its networked services whose information was stolen by hackers last month.
In a stark departure from the remorseful tone struck just two weeks ago, when senior executives including heir apparent Kazuo Hirai bowed in apology in Tokyo, Sony Chief Executive Howard Stringer fired back at critics who say the company was too slow to notify consumers once the attack was known.
"This was an unprecedented situation," Stringer told reporters on Tuesday, speaking publicly for the first time since the April breach.
"Most of these breaches go unreported by companies. Forty-three percent (of companies) notify victims within a month. We reported in a week. You're telling me my week wasn't fast enough?"
The attack, considered the biggest in Internet history, prompted the Japanese electronics giant to shut down its PlayStation Network and other services for close to a month.
Critics slammed the company for waiting up to a week before telling its customers of the attack and the possible theft of credit card information, prompting lawmakers and state attorneys general to launch investigations.
Two members of the U.S. House of Representatives sent a letter to Sony on Tuesday, urging it to respond to questions about its security strategy and reveal more details about the data breach.
In the letter, Representatives Mary Bono Mack of California and G.K. Butterfield of North Carolina said they had contacted Sony on April 29 but all of their questions had not been answered by the company. The lawmakers asked Sony to respond to questions by May 25.
Sony said it expected to face monetary charges from the break-in but was still assessing the damage.
"There's a charge for the system being down ... a charge for identity theft insurance," Stringer said. "The charges mount up, but they don't add up to a number we can quantify just yet."
One expert estimated that costs from the break-in could reach as high as $2 billion.
Addressing a report that said hackers had used Amazon.com's servers to launch the attack on Sony, Sony executives said it saw no evidence this was the case.
Sony began restoring parts of the network last weekend in the United States and expects a full recovery in all countries by the end of May.
HIRAI POSITION SECURE
The handling of the crisis, the worst Sony has faced in years, has been a big test of Hirai, who has led the recovery operations as president and group chief executive of Sony Computer Entertainment.
Stringer reiterated his support for Hirai.
"I think his leadership has been very helpful and very demonstrative and I'm endorsing him," Stringer said.
Although Stringer has been in daily contact with Hirai, he thought it best to have Hirai take the lead. "This is his environment, his people, his intimate relationships with PlayStation subscribers and they like him."
What has bothered some of its customers and made Sony a big target in the hacking world is its practice of clamping down on customers who meddle with its systems.
Sony sued a famed hacker, George Hotz, this year for copyright infringement and circumventing PlayStation 3's protection schemes. Hotz, who is well known for "jailbreaking," or unlocking Apple Inc's iPhone, said on his blog he was not involved in the break-in.
The company settled the charges against Hotz on April 11. About a week later, Sony's systems were hacked.
Mark Harding, a Maxim Group analyst, said Sony could have employed less severe methods to protect itself from copyright infringement. "There were probably better ways Sony could have done it without being heavy handed," he said.
Stringer said the attack was likely related to its suit against Hotz but defended Sony's actions.
"An act was done that was dangerous to Sony, dangerous to PlayStation and we thought it was a criminal act and we had to protect ourselves."
(Editing by Steve Orlofsky, Gary Hill)