In contrast to the Epsilon “business as usual” approach, Sony has been reeling from the security breach which has had the PlayStation Network shut down for several weeks.
Sony has now freely admitted that personal information of up to 77 million PlayStation users was compromised. Their website provides advice to users for obtaining free credit reports, in case any users believe they are victims of identity theft: http://www.soe.com/securityupdate/
While this disclosure is to be applauded, Sony’s refusal to testify at a US House Energy and Commerce subcommittee hearing scheduled this week seems a tacit admission that they have not yet identified how the cyber attack on their data center in San Diego, CA could have happened: http://www.bloomberg.com/news/2011-05-02/sony-declines-to-testify-at-u-s-house-hearing-on-data-breach.html
The initial breach has been compounded by the discovery of additional impact on the Sony Online Entertainment games network, resulting in further losses of customer data involving another 25 million accounts and SOE taking down that network for repairs. Estimates of the cost to Sony, primarily from lost revenue, have ranged up to $50 million; however, the real damage could be to their market share, which has been eroding.
While Sony is taking this very seriously, experts are divided as to the actual risk. Congress is pushing for legislation forcing companies to immediately disclose any data breaches to consumers to reduce the risk of identity theft and fraud. The real solutions, as suggested by some experts, might include a reevaluation of network security procedures, which often still rely on username and password combinations: http://www.computerweekly.com/Articles/2011/05/03/246559/Sony-data-breach-100m-reasons-to-beef-up-security.htm