Sony has been slapped with a subpoena by New York Attorney General Eric Schneiderman, who wants to know what the company told its customers about the security of their online data.
The PlayStation Network/Sony Online Entertainment security breach has raised a lot of potentially awkward questions for Sony, not least of which is what the company knew and when it knew it. But Schneiderman is apparently interested in events prior to the attack; according to a person "familiar with the matter" but who isn't authorized to speak publicly, he wants to know what sort of promises Sony made to its customers about the security of their data. The report said Schneiderman is seeking the information as part of a wider-ranging consumer protection inquiry.
Sony said in a letter to the U.S. Congress said it did not make an announcement about the intrusion immediately because it was concerned "that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence." It took the company a full week to realize just how bad the damage was, after which it alerted consumers to the situation.
Between legal actions and international government scrutiny, Sony is under tremendous pressure from all sides. The company declined an invitation to appear before a U.S. Congressional hearing, which would certainly have been a less-than-pleasant experience for whoever was stuck in the hot seat, but sooner or later somebody is going to have to get in front of a microphone and take one for the team. That will be an interesting day indeed.