As you have probably heard, Sony has revealed that their customer databases have been hacked twice in the past month, potentially affecting users of their PlayStation Network, Qriocity and Sony Online Entertainment products. Not only have legions of gamers been dealing with a blackout of services that they pay for and fear that their credit card information may have been stolen – but Sony failed to inform them of this massive cyber attack for a week.
According to news reports, Sony learned that they had been hacked on April 19th, took down PlayStation Network service on the 20th, and told customers seven days later, on the 27th. Sony maintains that they were unaware of the breadth of the attack until much later, but I’m not sure that is a good reason for their failure to inform customers more quickly.
Sony gamers, internet security experts, and the odd politician are angry that Sony waited so long. From a PR perspective, the outlook is equally troubling. Sony had an opportunity to take control of the situation and keep this group of highly engaged customers as happy as possible considering the circumstances. Instead, they have turned a challenging situation into a major image problem.
However, I do think some of the lambasting from the press is unwarranted. Sony could have provided more information up front, but they have made great use of the PlayStation blog to consistently communicate with their customers, including lengthy customer Q&As. Of course, the content of that communication could have been better early on.
What do you think? Could Sony have communicated better about this security breach?