Sony justifies delayed PS3 sensitive data theft warning

There’s a reason Sony waited several days to tell PSN users their data was compromised.

Even though the crippling hacker attack that shut down Sony’s online gaming service happened on April 19, it wasn’t until yesterday, April 26, that the company issued a statement about user data being compromised.

Sony is concerned that user credit card information may have also been stolen from its internal servers, and sent out e-mails to affected users with information on how to contact the major credit bureaus to put a security freeze on their accounts.

In other words, it’s kind of a big deal. But if the attack took place more than a week ago, why wait so long to tell customers about it?

Sony director of corporate communications Patrick Seybold explained in a Playstation Blog post:

“There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.”

PSN service remains suspended today as Sony continues to figure out what happened.