Democrat Senator Richard Blumenthal has written to Sony Computer Entertainment America's Jack Tretton to demand answers over the PlayStation Network security breach.
Blumenthal accuses Sony of failing to notify millions of customers in time and that the incident, "raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information."
The Senator, who has previously been involved in campaigning for video game sales restrictions for minors in Connecticut, has called for Sony to provide PSN users with financial data security services - including free access to credit reporting services for two years and identity theft insurance.
It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach.
Nick Caplin, SCEE
The full text of the letter appears on the Senator's website, where he writes of being "troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections."
"Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers," continues the letter.
Sony only confirmed that data theft had occurred yesterday, after six days of no service. According to comments on the European PlayStation Blog, Sony first learned of an intrusion on the network on April 19, at which point it shut down the service.
"We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident," claimed Nick Caplin, head of communications at Sony Computer Entertainment Europe.
"It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly yesterday evening," he added.