A recent article on Bloomberg confirms that Sony just offered its second major concession to subscribers of its PlayStation and Qriocity Networks in an effort to stay ahead of the fallout caused by its network breach. Sony confirmed that over 101.6 million accounts have been impacted. Earlier this month, Sony noted that it will offer 30 days of premium membership to its members as a concession for the data breach. Now, Sony is expanding its efforts to both appease and protect its users by offering a $1 million insurance policy per user to cover legal expenses, identity-restoration costs and lost wages that may stem from the data breach. Texas-based company Debix, Inc. will provide monitoring services for Network members, who have until June 18, 2011 to sign up for Debix’s AllClear ID Plus protection program.
U.S. Senator Richard Blumenthal (D., Conn.) stated, "I welcome Sony’s strong first step toward protecting millions of consumers whose personal and financial information has been compromised." However, Sony still has not taken any steps to definitively confirm or deny that the hackers were able to obtain credit card data during the course of the attack. In regard to the extent of the breach, Sony notes only that it is continuing to cooperate with the authorities, including the Federal Bureau of Investigation. Chief Executive Officer Howard Stringer attempted to explain the ongoing information void by noting:
"Forensic analysis is a complex, time-consuming process. I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks. It took some time for our experts to find those tracks and begin to identify what personal information had, or had not, been taken."
A more recent update from Bloomberg noted that, as of May 9, 2011, the company intends to keep some online entertainment services closed longer than it had planned, "to make sure its systems don’t fall prey to more hacker attacks." Sony hopes to restore full network service by the end of this month. At this point, all indicators appear to suggest that the hackers were able to obtain credit card data during the attack. Sony's willingness to provide identity insurance policies only reinforces that suspicion, though it is unclear what impact that step will have on minimizing the company's potential legal exposure.