Sony denies its security was lax
WASHINGTON — Sony Corp. had strong security measures in place before an April cyber attack exposed 100 million customer accounts and prompted the temporary shutdown of its PlayStation Network, the company said.
“We believe the security we had was very, very strong and we were in good shape,’’ Tim Schaaff, president of Sony Network Entertainment International, told a House Energy and Commerce subcommittee. “The intensity and sophistication of the hack proved otherwise.’’
Sony was criticized for taking six days to warn customers about the breach. Yesterday, Schaaff defended the company’s response, saying that “issuing vague or speculative statements before you have specific and reliable information’’ is counterproductive.
But Eugene H. Spafford, a computer science professor at Purdue University, told lawmakers on May 4 that Sony had not “assessed the risks’’ to its network.
“That is simply untrue,’’ Schaaff said yesterday.
Sony did not know who was responsible for the intrusion or how much information was taken. The hacker took steps to conceal how the company’s servers were entered and what if any data were taken.
Lawmakers are considering an Obama administration proposal that calls for replacing varied reporting requirements under 47 state data-breach laws with a single federal standard.
Sony said it favors a universal notification standard.