Say Something, Sony

Sony's deafening silence in the midst of a snowballing security nightmare is puzzling to say the least.

Maybe the company hasn't noticed, but people are getting increasingly concerned over how easily hackers have been able to breach its networks over and over again the past few days.

In fact, since Sony first disclosed the attack on its PlayStation Network in late April, to now, hackers have broken into Sony's networks at least six more times. One of the attacks was on Sony BMG's site in Greece and resulted in about 8000 usernames, passwords, phone numbers, and other data being exposed. Another attack on Sony Ericsson's Canadian Website has resulted in about 2000 customer records being exposed.

If Sony is paying attention to all of the breaches and the concern they are causing, we don't know. So far at least, the company's strategy has been simply to pretend nothing's going on. Sony did offer a fairly detailed timeline on the events surrounding the original PlayStation Network breach and the one at Sony Online Entertainment, which together exposed data on close to 100 million account holders

But the company has said little to nothing about the string of breaches that have hit the company since then. Even though the recent intrusions have been relatively minor in comparison to the PSN breach, the ease with which hackers have pulled them off suggests that Sony is far more porous than many may have imagined.

Sony itself though has said little proactively to assuage the growing concerns. When pressed, the company has reluctantly coughed up a statement or two, confirming a breach, as it did today with the intrusion at Ericsson. But details have been sparse and there's nothing at all on what it is doing to counter the growing attacks. Sony has a huge target painted on its back, and it's almost certain several more breaches will occur before this thing plays out.

Maybe Sony thinks that if it stays silent long enough people will just get fed up and stop paying attention to all the breaches going on around them. Or maybe the company is betting that consumers will not care once everything returns to normal. After all, that's what has always happened with other major data breaches in the past, such as those at TJX and Heartland.

Maybe Sony's right. But some folks, such as Jason Maloni, senior vice president of the crisis and litigation team at Levick Strategic Communications, think otherwise. Maloni was part of the communications team that helped Heartland Payment Systems navigate its way through the fallout from a disastrous data breach in 2008 that exposed data on close to 100 million debit cards and credit cards. He thinks the continuing attacks are severely eroding Sony's hard-earned brand reputation and consumer confidence in the company.

"People forgive an accident. It's what you do after, that people pay most attention to," Maloni says. Rather than simply being in reactive mode, Sony will benefit greatly by being aggressive and by continually communicating what it is doing to set things right, Maloni says.

Silence only feeds conjecture and speculation. Sony can hardly afford that right now.

Subscribe to the Security Watch Newsletter

Comments