Breach, Compliance Management, Data Security, Government Regulations

Sony breach prompts House data theft hearing

A U.S. House subcommittee has scheduled a hearing Wednesday to examine data protection issues following the massive breach of Sony's PlayStation Network and Qriocity services, which compromised the personal information of 77 million gamers.

The House Subcommittee on Commerce, Manufacturing, and Trade, chaired by Rep. Mary Bono Mack, R-Calif., called the hearing to examine the threat of data theft to American consumers in light of Sony's breach, as well as the network intrusion at email marketing services provider Epsilon.

Bono Mack announced that she intends to introduce a federal data security bill later this year that would provide consumers with additional safeguards, including a provision that they must be notified if their personal information is compromised. Similar notification laws are on the books in most states.

A national data breach notification law has been in the works for a number of years. Several versions have made the rounds, but nothing has cleared both chambers.

This mainly has been due to other Congressional priorities and, more specific to the bills, disagreement over what constitutes a suitable threshold to report a breach.

Though Sony is facing mounting scrutiny after waiting several days to inform customers about its recent breach, company executives do not plan to testify at Wednesday's hearing, a spokesman for Bono Mack told SCMagazineUS.com on Tuesday.

Sony executives declined because the company's internal investigation into the breach is still ongoing, he added. The company has, however, agreed to provide written responses to questions posed by Bono Mack by the end of the day Tuesday.

In a letter sent on Friday to Sony's chairman, Bono Mack wants to know how the breach occurred, why Sony waited to notify customers, and what steps the company has taken to prevent a recurrence.

Sony revealed last Tuesday that attackers stole personal data belonging to PSN and Qriocity users, roughly a week after both services went offline. A recent investigation into the breach has turned up further compromise, which may affect an additional 25 million users of Sony's online gaming portal, known as Sony Online Entertainment.

“I am deeply troubled by this latest data breach,” Bono Mack said in a statement. “It reinforces my long-held belief that much more needs to be done to protect sensitive consumer information. Most importantly, Americans should be quickly informed when their personal information has been hacked, especially in instances like this where there is an obvious potential for large-scale identity theft.”

Wednesday's hearing likely will address the state of ongoing data breach investigations, current industry data security practices and available technologies.

Scheduled witnesses include David Vladeck, director of the Federal Trade Commission's Bureau of Consumer Protection; Pablo Martinez, deputy special agent in charge of the criminal investigative division of the U.S. Secret Service; Justin Brookman, director of the Center for Democracy and Technology's consumer privacy project and Gene Spafford, a Purdue University professor.

A live webcast of the hearing will be available on the House Energy and Commerce Committee website, beginning Wednesday at 9:30 a.m. EST.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.