Lawmakers question Sony, Epsilon on data breaches

Representative Mary Bono Mack plans to introduce new cybersecurity legislation soon, she says

Recent data breaches at Sony's PlayStation Network and at e-mail service provider Epsilon will lead to legislation focused on improving cybersecurity at U.S. companies, the chairwoman of a U.S. House of Representatives subcommittee said Thursday.

Representative Mary Bono Mack, a California Republican, said she will soon introduce legislation focused on ensuring that companies holding personal data secure it. Although she didn't provide many details, the legislation will include a data breach notification requirement, Bono Mack said during a hearing of the House Energy and Commerce Committee's trade subcommittee.

Lawmakers quizzed representatives of the two companies about data breaches, with some questioning whether the companies did enough to protect themselves.

"These recent data breaches only reinforce my long-held belief that much more needs to be done to protect sensitive consumer information," said Bono Mack. "Americans need additional safeguards to prevent identity theft."

Representatives of both Sony and Epsilon told lawmakers they would support a national breach notification law that preempts state laws. More than 45 states now have laws requiring breached companies to notify affected customers.

The multiple state laws are "seemingly in conflict" and make it difficult for companies to comply, said Tim Schaaff, president of Sony Network Entertainment International.

Companies need U.S. government support to fight cyber-attacks, Schaaff added. "Despite spending millions of dollars to secure your networks, despite all of the best efforts known to us, our networks are not 100 percent protected," he said. "It's a process that requires continual investment. I think without additional support from the government, it's unlikely that we will all, collectively, be successful, and that will threaten the livelihood of the growing Internet economy."

The attack on the PlayStation Network, discovered April 19, will cost the company about US$170 million, Schaaff told lawmakers.

Representative Cliff Stearns, a Florida Republican, questioned whether a new cybersecurity law would protect customers. State data protection and notification laws didn't seem to work in the Sony and Epsilon cases, he said. "You didn't comply, evidently, with the states," he said.

Bono Mack also criticized Sony for the timing of its breach notifications to customers.

"For me, one of the most troubling issues is how long it took Sony to notify consumers, and the way in which the company did it -- by posting an announcement on its blog," she said. "In effect, Sony put the burden on consumers to search for information instead of providing it to them directly. That cannot happen again."

Schaaff defended the way Sony notified customers. Sony posted information about the breach on the well-read PlayStation blog on April 22, three days after the company discovered the breach, he said. The blog "has a highly visible and deeply engaging relationship with our customers and is one of the best, fastest and most direct means of communicating with them," he said.

Sony e-mailed PlayStation account holders beginning on April 26, he added.

Epsilon's breach, discovered March 30, exposed the e-mail addresses, and in some cases, names, of millions of people who do business with the company's clients, said Jeanette Fitzgerald, Epsilon's general counsel.

Representative Brett Guthrie, a Kentucky Republican, asked Fitzgerald if implementing better security standards would have protected Epsilon.

Epsilon uses a number of tools to protect itself, she said. "The hackers are very sophisticated," she added. "This wasn't some guy in a garage."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the Good Gear Guide newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Brett GuthrieregulationU.S. House of Representatives Energy and Commerce Committeedata breachEpsilongovernmentsonyJeanette FitzgeraldCliff StearnsMary Bono MackTim Schaaffsecurity

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?