Sony is Six Feet Under… and Still Digging

Published Fri, May 6th, 2011   Justin Fritz, Executive Editor

Keep digging, Sony (NYSE: SNE)… keep digging. In fact, you should hit the mantle of the planet soon.

If you recall, the company sent a letter to 77 million PlayStation Network (PSN) subscribers last Tuesday, warning them that the PSN system had suffered a massive security breach and that their personal details may have fallen in the hands of hackers.

Sony then held a conference in Tokyo to outline what it’s doing to patch the security leak and ensure it won’t happen again. Two key initiatives emerged…

• It’s appointing an information security officer to oversee the protection of customer data.

• It’s also introducing automated software monitoring systems. This should identify unusual activity on the network and protect users from attacks.

Not a bad start.

Three top brass Sony executives, including the president of the gaming division, expressed what seemed like a sincere apology to its customers for the inconvenience. Heck, they even bowed.

And to make amends, Sony’s also giving away some free software downloads for PSN subscribers and a one-month extension for premium subscribers. And the company expects full network service to resume by the middle of the month.

But that’s where the warm and fuzzy feeling ends…

One Baby Step Forward, Three Giant Leaps Back

New developments in the Sony security debacle surfaced this week.

It started during the conference when one of the executives admitted that the hackers exploited “a known vulnerability” in the system. That makes me wonder why it wasn’t patched up to begin with.

Then Sony refused to testify in person at a U.S. Congressional hearing about the potential threat to consumers. Sony agreed to provide written responses to the committee’s questions instead. That way, Sony’s lawyers can draft the responses, just like its PR-crafted announcement last week.

To make matters worse, Sony just discovered and revealed that its internet gaming branch, Sony Online Entertainment (SOE) was also part of the attack.

Why the delay in this announcement?

Sony says it “had previously believed that Sony Online Entertainment customer data had not been obtained in the cyber-attacks… But on May 1, we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.”

Really?

Whether you believe that or not, another 24.6 million customers just got walloped.

Plus another 12,700 non-U.S. customer credit or debit card numbers are at risk, too, since Sony was storing that information in “an outdated database form 2007.”

To top it off, Sony still doesn’t know exactly what information was taken from the original attack, or how many user accounts were compromised.

This would put the Keystone Cops to shame.

Let the Consumer Backlash Begin

Sony customers are already showing the company what they think of its apology.

According to a survey from VentureBeat, 66% of PlayStation 3 owners are now considering a switch to Microsoft’s (Nasdaq: MSFT) X-Box 360 console.

Another survey from Betanews.com shows that 27% of PS3 owners would “absolutely” make the switch to Microsoft’s system. With 77 million active accounts, that represents 20.8 million people ready to abandon ship. Ouch.

Sony’s share price is taking a hit, too. Since the network outage began, the price has tumbled by almost 8%. Meanwhile, the tech-heavy Nasdaq index has traded flat over the same period.

In the end, the consumer backlash against Sony emphasizes the need for companies to beef up security. Preferably before a cyber-attack puts millions of people at risk. Otherwise share prices are destined to come under attack, too.

And as I mentioned last week, as more companies strive to avoid Sony’s fate, look for software security companies to get a major boost.

Good investing,

Justin Fritz