Lawmakers question Sony, Epsilon on data breaches

Representative Mary Bono Mack plans to introduce new cybersecurity legislation soon, she says

Recent data breaches at Sony's PlayStation Network and at e-mail service provider Epsilon will lead to legislation focused on improving cybersecurity at U.S. companies, the chairwoman of a U.S. House of Representatives subcommittee said Thursday.

Representative Mary Bono Mack, a California Republican, said she will soon introduce legislation focused on ensuring that companies holding personal data secure it. Although she didn't provide many details, the legislation will include a data breach notification requirement, Bono Mack said during a hearing of the House Energy and Commerce Committee's trade subcommittee.

Lawmakers quizzed representatives of the two companies about data breaches, with some questioning whether the companies did enough to protect themselves.

"These recent data breaches only reinforce my long-held belief that much more needs to be done to protect sensitive consumer information," said Bono Mack. "Americans need additional safeguards to prevent identity theft."

Representatives of both Sony and Epsilon told lawmakers they would support a national breach notification law that preempts state laws. More than 45 states now have laws requiring breached companies to notify affected customers.

The multiple state laws are "seemingly in conflict" and make it difficult for companies to comply, said Tim Schaaff, president of Sony Network Entertainment International.

Companies need U.S. government support to fight cyber-attacks, Schaaff added. "Despite spending millions of dollars to secure your networks, despite all of the best efforts known to us, our networks are not 100 percent protected," he said. "It's a process that requires continual investment. I think without additional support from the government, it's unlikely that we will all, collectively, be successful, and that will threaten the livelihood of the growing Internet economy."

The attack on the PlayStation Network, discovered April 19, will cost the company about US$170 million, Schaaff told lawmakers.

Representative Cliff Stearns, a Florida Republican, questioned whether a new cybersecurity law would protect customers. State data protection and notification laws didn't seem to work in the Sony and Epsilon cases, he said. "You didn't comply, evidently, with the states," he said.

Bono Mack also criticized Sony for the timing of its breach notifications to customers.

"For me, one of the most troubling issues is how long it took Sony to notify consumers, and the way in which the company did it -- by posting an announcement on its blog," she said. "In effect, Sony put the burden on consumers to search for information instead of providing it to them directly. That cannot happen again."

Schaaff defended the way Sony notified customers. Sony posted information about the breach on the well-read PlayStation blog on April 22, three days after the company discovered the breach, he said. The blog "has a highly visible and deeply engaging relationship with our customers and is one of the best, fastest and most direct means of communicating with them," he said.

Sony e-mailed PlayStation account holders beginning on April 26, he added.

Epsilon's breach, discovered March 30, exposed the e-mail addresses, and in some cases, names, of millions of people who do business with the company's clients, said Jeanette Fitzgerald, Epsilon's general counsel.

Representative Brett Guthrie, a Kentucky Republican, asked Fitzgerald if implementing better security standards would have protected Epsilon.

Epsilon uses a number of tools to protect itself, she said. "The hackers are very sophisticated," she added. "This wasn't some guy in a garage."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Brett GuthrieregulationU.S. House of Representatives Energy and Commerce Committeedata breachEpsilongovernmentsonyJeanette FitzgeraldCliff StearnsMary Bono MackTim Schaaffsecurity

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?