Sony: Sony’s shares have fallen almost 7 per cent since news broke that the company waited five days to tell customers that hackers may have stolen their credit card details when they broke into the PlayStation gaming network. That’s wiped almost $2 billion off Sony’s market value. Sony's claim that it needed time to assess the damage is not reassuring. Its delay violates one of the most basic rules of public relations: when customers are at risk, tell them everything you know — as soon as you know it.
Luckily for Sony, the breach appears to be a case of no foul, no harm. No evidence has yet emerged of fraudulent card use, or even that credit card details were in fact stolen. Even if they were, Sony may be covered by disclaimers that customers sign when they join. The recent spate of data breaches and privacy scares at companies such as Facebook suggests that user convenience and the compulsion of online gaming (and gossiping) outweigh practical considerations.
Sony could face tens of millions of dollars in legal liabilities. But that's actually pretty small beer to a company with $88 billion in sales. Besides, Sony has bigger worries, the foremost of which is restoring full production to the 10 plants affected by Japan’s March 11 disaster. Sony has resumed production at nine, but shortages of power and parts have forced it to cut production. Sony also has broader focus issues: its wide-ranging interests — from chips and disks to TVs and films, should give it a leg up in terms of product convergence. Yet it has faced delays in releasing a smartphone-cum-Playstation and is a latecomer to the battle against Apple in the fast-growing market for tablets.
It is tempting to draw parallels between Sony’s delay in disclosure and the PR fiascos that have beset Toyota and Tokyo Electric Power and conclude that some uniquely Japanese cultural trait is to blame. But obfuscation is a universal corporate weakness and Sony's top decisions are no longer made solely by Japanese staff.
Sony’s data dilemma is not only Sony’s problem either. Consumers and companies alike need to mitigate the risks inherent in putting more and more sensitive information into the so-called cloud of network computing services. Whether credit card numbers or snapshots from a weekend rendezvous, what happens in the cloud doesn't necessarily stay in the cloud.
