WASHINGTON, May 5 (UPI) -- Sony's response to breaches of its PlayStation Network and Sony Online Entertainment was ripped in a U.S. House committee hearing on consumer data theft.
Sony did not accept an invitation to testify Wednesday about the April 19 data breach, along with e-mail-marketing firm Epsilon, which suffered a breach announced last month that could have affected 60 million e-mail addresses, USA Today reported.
Rep. Mary Bono Mack, R-Calif., who chaired the House Committee on Energy and Commerce subcommittee hearing, called the decisions to decline the request "unacceptable."
"I hate to pile on, but -- in essence -- Sony put the burden on consumers to 'search' for information, instead of accepting the burden of notifying them," Bono Mack said. "If I have anything to do with it, that kind of half-hearted, half-baked response is not going to fly in the future."
Bono Mack said she plans to introduce legislation that would protect consumers against data theft.
In a written response to the committee, Sony Computer Entertainment Chairman Kazuo Hirai wrote, "What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyberattack designed to steal personal and credit card information for illegal purposes."
Hirai also wrote that Sony learned of the breach April 19 and shut down the PlayStation Network April 20. However, Sony didn't alert PlayStation Network users until six days later personal, and possibly financial, data were compromised.
Bono Mack criticized Sony for its slow response, saying the company "first revealed information about the data breach on their blog. That's right, a blog."
On Monday, Sony Online Entertainment announced it shut down all services because of a breach that exposed the personal, and some financial, data of 24.6 million subscribers.
Hirai said the attacks were to protest Sony's lawsuit filed in U.S. federal court against a hacker. He also wrote about additional security measures Sony took after the breaches.