Sony is scrambling to make up for a series of hacks to its Playstation and MMORPG networks that compromised more than 100 million accounts, at least 25 million of which included enough data to identify customers individually, the company admitted in a letter to Congress yesterday.
It also said it is cooperating with the FBI, hired computer-forensics and investigation specialists Data Forte, which is headed by a former agent of the U.S. Naval Criminal Investigative Service to try to identify the attackers.
It hired more investigators from e-discovery and cyber-investigation consultants at Guidance Software and Protivity – a forensic-security consulting company that is a division of global recruiting and consulting firm Robert Half International.
That's a lot of resources to throw at an investigation. At least a normal investigation. One for a breach this size needs a few more bodies than most.
It also requires a little more accountability than Sony has provided so far, according to Connecticut Senator Richard Blumenthal, who wrote Sony yesterday to ask for more details about compromised accounts and to let it know he's asking the U.S. Attorney General's office to investigate in addition to all the other players.
Sony's letter to Congress, btw, also mentioned it discovered May 1 that another network may also have been breached at some time in the past without its knowledge.
Despite a U.S. Supreme Court ruling last week that makes it much more difficult to bring class-action suits against companies in the U.S., Sony will almost certainly end up ponying up a lot of direct compensation to customers, in addition to the loss of reputation and business it will no doubt see.
A Toronto law firm is announced a class-action suit in Canada, representing a 21-year-old Ontario native as plaintiff.
The amount an average Canadian 21-year-old can lose by having a credit card compromised is limited, but there is a decent-sized pool of other potential victims who might expand the class-action a bit.
So far, except for its offer of a month's free subscription to a service that may be the cause of your identity theft, Sony hasn't done much to make things up to its customers, despite its own epic failure.
Apologies, lawyers, investigators and cooperation with Congress may help keep it out of regulatory trouble. Making things right with customers is what will keep it from losing their acounts as fast to competitors as it did to hackers.