Lawmakers question Sony, Epsilon on data breaches

Representative Mary Bono Mack plans to introduce new cybersecurity legislation soon, she says

Recent data breaches at Sony's PlayStation Network and at e-mail service provider Epsilon will lead to legislation focused on improving cybersecurity at U.S. companies, the chairwoman of a U.S. House of Representatives subcommittee said Thursday.

Representative Mary Bono Mack, a California Republican, said she will soon introduce legislation focused on ensuring that companies holding personal data secure it. Although she didn't provide many details, the legislation will include a data breach notification requirement, Bono Mack said during a hearing of the House Energy and Commerce Committee's trade subcommittee.

Lawmakers quizzed representatives of the two companies about data breaches, with some questioning whether the companies did enough to protect themselves.

"These recent data breaches only reinforce my long-held belief that much more needs to be done to protect sensitive consumer information," said Bono Mack. "Americans need additional safeguards to prevent identity theft."

Representatives of both Sony and Epsilon told lawmakers they would support a national breach notification law that preempts state laws. More than 45 states now have laws requiring breached companies to notify affected customers.

The multiple state laws are "seemingly in conflict" and make it difficult for companies to comply, said Tim Schaaff, president of Sony Network Entertainment International.

Companies need U.S. government support to fight cyber-attacks, Schaaff added. "Despite spending millions of dollars to secure your networks, despite all of the best efforts known to us, our networks are not 100 percent protected," he said. "It's a process that requires continual investment. I think without additional support from the government, it's unlikely that we will all, collectively, be successful, and that will threaten the livelihood of the growing Internet economy."

The attack on the PlayStation Network, discovered April 19, will cost the company about US$170 million, Schaaff told lawmakers.

Representative Cliff Stearns, a Florida Republican, questioned whether a new cybersecurity law would protect customers. State data protection and notification laws didn't seem to work in the Sony and Epsilon cases, he said. "You didn't comply, evidently, with the states," he said.

Bono Mack also criticized Sony for the timing of its breach notifications to customers.

"For me, one of the most troubling issues is how long it took Sony to notify consumers, and the way in which the company did it -- by posting an announcement on its blog," she said. "In effect, Sony put the burden on consumers to search for information instead of providing it to them directly. That cannot happen again."

Schaaff defended the way Sony notified customers. Sony posted information about the breach on the well-read PlayStation blog on April 22, three days after the company discovered the breach, he said. The blog "has a highly visible and deeply engaging relationship with our customers and is one of the best, fastest and most direct means of communicating with them," he said.

Sony e-mailed PlayStation account holders beginning on April 26, he added.

Epsilon's breach, discovered March 30, exposed the e-mail addresses, and in some cases, names, of millions of people who do business with the company's clients, said Jeanette Fitzgerald, Epsilon's general counsel.

Representative Brett Guthrie, a Kentucky Republican, asked Fitzgerald if implementing better security standards would have protected Epsilon.

Epsilon uses a number of tools to protect itself, she said. "The hackers are very sophisticated," she added. "This wasn't some guy in a garage."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.
