A recent article on Bloomberg confirms that Sony just offered its second major concession to subscribers of its PlayStation and Qriocity Networks in an effort to stay ahead of the fallout caused by its network breach. Sony confirmed that over 101.6 million accounts have been impacted. Earlier this month, Sony noted that it will offer 30 days of premium membership to its members as a concession for the data breach. Now, Sony is expanding its efforts to both appease and protect its users by offering a $1 million insurance policy per user to cover legal expenses, identity-restoration costs and lost wages that may stem from the data breach. Texas-based company Debix, Inc. will provide monitoring services for Network members, who have until June 18, 2011 to sign up for Debix’s AllClear ID Plus protection program.

U.S. Senator Richard Blumenthal (D., Conn.) stated, "I welcome Sony’s strong first step toward protecting millions of consumers whose personal and financial information has been compromised." However, Sony still has not taken any steps to definitively confirm or deny that the hackers were able to obtain credit card data during the course of the attack. In regard to the extent of the breach, Sony notes only that it is continuing to cooperate with the authorities, including the Federal Bureau of Investigation. Chief Executive Officer Howard Stringer attempted to explain the ongoing information void by noting:

"Forensic analysis is a complex, time-consuming process. I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks. It took some time for our experts to find those tracks and begin to identify what personal information had, or had not, been taken."

A more recent update from Bloomberg noted that, as of May 9, 2011, the company intends to keep some online entertainment services closed longer than it had planned, "to make sure its systems don’t fall prey to more hacker attacks." Sony hopes to restore full network service by the end of this month.  At this point, all indicators appear to suggest that the hackers were able to obtain credit card data during the attack.  Sony's willingness to provide identity insurance policies only reinforces that suspicion, though it is unclear what impact that step will have on minimizing the company's potential legal exposure.

Sony executives recently took a moment to apologize to their customers and bow before the press in symbol meant to assuage the concerns created by its recent network breach. A May 3, 2011 article on Reuters noted that the company also plans to offer free content to its network subscribers, including 30 days of free membership to its premium service. A company spokesperson also noted that Sony would pay credit card renewal fees, but noted that would only be done in circumstances where users suffered actual damage. Sony has yet to provide any specifics on how they intend to implement that component of their damage control campaign.

Unfortunately, just as Sony was beginning to restore service to its primary consumer network and attempt to alleviate customer concerns, The Wall Street Journal reported that computer hackers breached security for a second online service, and were able to gain access to personal information for 24.6 million customer accounts, brining the total of compromised accounts to more than 100 million. The Wall Street Journal reported that Sony Online Entertainment, a San Diego-based subsidiary that makes multiplayer games for personal computers, said it shut down its services on May 1, 2011 amid concerns that a hacker may have gained access to names, birth dates and addresses for its users. The article notes that Sony "doesn’t believe credit-card information on those accounts was accessed, but said hackers may have stolen credit-card data for about 12,700 non-U.S. accounts and 10,700 bank-account numbers from an outdated database from 2007." A Sony spokesman claimed that the company "temporarily took down the service as part of its continued investigation into the intrusion in April," and denied that this was a second attack. Given the fact that Sony still cannot confirm that no credit card data was taken during the first attack, it would seem that little comfort can be gleaned from its most recent press release.

Sony is working with the Federal Bureau of Investigation to investigate the attacks, which have prompted inquires from a number of members of Congress. On Monday, Sony declined to testify before the congressional committee on energy and commerce, but agreed to provide written answers to questions on Tuesday. A spokesman for Rep. Mary Bono Mack (R., Calif.) noted that while he understands the difficult period the company is going through, "millions of American consumers are twisting in the wind and we are determined to get answers for them." Until the company can confirm that the hackers weren’t able to obtain credit card data, it seems that Sony’s position may continue to worsen before it improves.

A recent article in AdAge discusses the PlayStation Network's recent woes. The network suffered a week long power outage before announcing that hackers bypassed security to obtain information on the Network's subscribers. More specifically, Sony executives acknowledge that hackers obtained access to the name, address (city, state, zip), country, email address, birth date, PlayStation Network password and login, and handle/online ID. Moreover, Sony still cannot confirm whether the hackers obtained credit card data, but executives admitted that they "cannot rule out the possibility," noting that users should "remain vigilant" in monitoring their account statements and credit reports. The fact that it took Sony six days to announce the breach suggests that the company is having a difficult time obtaining a complete grasp on the extent of the breach, the data that has been compromised and its potential legal exposure. Gaming networks have advanced as rapidly as gaming consoles and are no longer limited to allowing gamers to play in groups online.

The PlayStation Network allows users to purchase and download high definition movies, TV shows and TV series, as well as purchase games and other online content. As a consumer who incorporates a PlayStation 3 into my family's entertainment system, I can attest to the fact that the Network offers, if not encourages, to store a user's credit card data to streamline the purchase process. Knowing that such data is stored on the Network should trigger a heightened duty of protection. Time will tell whether credit card data was compromised during the breach and, if so, the ramifications for Sony.