Sony has begun notifying members of its PlayStation Network that it is now providing free identity-theft protection, which they can sign up for at Sony's identity-theft protection site until June 28.
Security bloggers analyzing the exploits used to create the breaches blamed across-the-board failures to guard against SQL injection attacks – one of the most common categories of attack.
The eScan blog listed details of the attacks, several of the vulnerable sites, and the damning conclusion that, ultimately, the reason so many Sony sites are so vulnerable is that no one person or group at Sony has been held accountable for corporate security.
While Sony has apologized to customers, it hasn't taken responsibility for the global weakness of its security – a point that, after the original high-profile attack and its many sequels, everyone who cares already understands, whether Sony admits it or not.
At this point, it hardly matters. Time to call it quits and start over from the beginning, Sony.