Sony didn't tell PSN users that personal information had been compromised right away because it took some time to figure out what happened.
Sony recently hit PlayStation Network users with a doozy when it informed them that all of their personal information may have been obtained by "external forces." Sony learned of the breach around a week earlier, prompting everyone, including one angry senator, to wonder why the company didn't reveal that sensitive information may have been stolen right away. According to Sony, it simply wasn't aware of the leak.
The latest post from Sony's Patrick Seybold on the PlayStation Blog details a little more of the internal steps that Sony had to take when it learned someone had gained illegitimate entry into the PSN. "There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised," he wrote.
"We learned there was an intrusion April 19th and subsequently shut the services down," Seybold continued. "We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon (April 26)."
It's impossible to know if Sony is telling the truth, because this would be the official story no matter what the case. However, when you're dealing with a situation where literally hundreds of thousands (millions?) of customers may have had their information stolen by a "scary hacker man," you're going to want to make sure that you know it actually happened.
The best idea is definitely to perform a full investigation rather than to spark outrage for no reason. Unfortunately, the situation with the PSN has sparked outrage with good reason, which is much, much worse.
Thanks for the tip Ophiuchus!
Source: PS Blog