Sony’s handling of the PSN breach: a different take

by: Jeremy
I would be remiss if I didn’t give my two cents on the current Sony / PSN breach situation. This is, undoubtedly, the top story in the gaming industry right now and pretty much everyone that you ask has their own take and opinion on it. I started to sit down and write up my thoughts on it, which are a little more forgiving than 95% of those who have shared their opinion, until I discovered this post by a good friend of mine.

The following statement was posted on the SarcasticGamer.com forums by Rothbart, the host of the SG Blu PlayStation Podcast. Roth is a very, very good friend of mine that I have known for many years now and he happens to share the exact same position that I have on this entire incident; I started writing down my own thoughts but felt that he summed it up perfectly in this post which is transcribed below. It is also important to note that in the real world, Rothbart works for a data security company and deals with this sort of thing on a daily basis so he isn’t just someone spewing their interpretation of the events; he has an idea of what he is talking about:

"I need to ignore Twitter right now... there are tons of people (and site feeds) spewing ignorance galore...

I work at a company that deals with data security... we wish everyone that lost a laptop or left data unencrypted had used our product(s) first. The fact is, NOBODY is impervious to being hacked. It happens all the time to tons of companies. It happens at a much larger scale than the 75M PSN users.

By data breach standards, what Sony has done here is the absolute textbook implementation of what to do correctly. They didn't put protocol aside to keep selling PSN content. They didn't put protocol aside to let gamers keep gaming, potentially muddying up the systems being scoured for clues. They didn't try to hide that this happened. They didn't try to analyze it themselves but instead brought in experts.

The people and sites that are faulting Sony on how they've handled this so far are simply, and I mean no disrespect by the use of the very most accurate word I can think of... "ignorant" as to what they're talking about.

If you think Sony should've battened down the hatches and never gotten hacked... talk to the HUNDREDS of other companies/brands/organizations out there that have endured the exact same fate. If you think Sony shouldn't have been storing credit card information (at all or in a certain way) you should know that all there are now are recommendations or guidelines, there are no LAWS yet that force companies to certain degrees of protection and even if they were adequately protected, depending on the extent and nature of the hack, having them protected to PCI DSS guidelines STILL might not prevent people from getting to our credit card information...

That said, Sony said there was no evidence that our credit cards were compromised. They recommended (and to be honest, this was worded well) that "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained." How can they be faulted for that? Would you rather them lie and say "you're safe" or "they were compromised"?

This was a textbook reaction to a large scale data breach and unlike MOST companies where we'd simply get an unexpected letter in the mail, we were somewhat kept in the loop by the raised awareness of PSN being down leading them to say something. You don't spill details during an investigation and these things take time. Hell, try checking out your computer after you've had a trojan installed and activated... now amplify that work by about a bajillion. Going through that stuff takes time."


Before we all start raising pitchforks and rallying the masses against Sony, how about we see exactly how this thing plays out in the end and then judge those involved... once we have all the facts and are able to look at the big picture.
