May 06, 2011, 12:30 PM — Sony is apologizing again – this time direct from the mouth of its CEO – to its gaming customers for the massive data breach it suffered in April and its ham-handed response afterward.
It also plans to avoid paying, directly anyway, for costs from the breach that could reach $2 billion.
Instead it figures that a "variety of types of insurance" that cover various forms of damage to customers, the environment or Sony's finances should cover the bill, Sony spokesperson Dan Race told Reuters.
"Certain carriers have been put on notice," he said, sounding probably more ominous than he meant to.
Financial analysts are split on how much of the bill insurers are going to be willing to pick up, considering Sony doesn't seem to have had adequate security protecting the 100 million accounts that were hit or the 12.3 million credit-card numbers that might have been taken.
The "automated software monitoring and configuration management" software Sony plans to install sounds like a pretty basic addition – the kind you'd expect a big online service provider would already be using to protect its own networks.
By rights it should also be running intrusion protection systems, data-loss prevention and higher levels of encryption, as LastPass promised to add after getting an unconfirmed indication it may have been breached earlier in the week.
A different Reuters story quotes financial analyst Kota Ezawa at Citigroup in Japan as saying Sony's network-gaming business makes only a small contribution to its bottom line, but that the breach could also hurt sales of hardware. That would be a blow.
Sony still seems to be talking out of both sides of its mouth on the apology, as well.
It is definitely taking the issue seriously, at least from a PR perspective, but the public part of its response to the security issues lacks almost any detail, and it still hasn't come up with a decent explanation for why it waited so long to notify customers of the breach.
The first attack happened April 19; Sony notified the FBI April 22, and notified customers a week later.
"I know some believe we should have notified our customers earlier than we did. It's a fair question," Sony CEO Howard Stringer said at a press event.