Lawmakers say Sony data breach underscores need for legislation

Featured eBooks
Cyber Workforce
Read Now

Law Enforcement Tech

Read Now

AI in the Workplace

Read Now
By Juliana Gruenwald

By Juliana Gruenwald

|

Members of Congress say they are very worried about news that someone hacked the accounts of 77 million Sony PlayStation users and say the issue shows Congress needs to do something more about cybersecurity.

Sony revealed Tuesday that earlier this month someone illegally hacked into the firm's PlayStation network and obtained personal information, including names, addresses, birth dates, login information and possibly credit card information. It comes on the heels of a data breach last month at Epsilon, during which the names and e-mail addresses of customers of many companies such as Barclays Bank of Delaware, Best Buy, J.P. Morgan Chase and Walgreens were stolen.

"I am deeply troubled by this latest data breach. It reinforces my long-held belief that much more needs to be done to protect sensitive consumer information," Rep. Mary Bono Mack, R-Calif., chairwoman of the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade, said in a statement. "Most importantly, Americans should be quickly informed when their personal information has been hacked, especially in instances like this where there is an obvious potential for large scale identity theft."

Bono Mack said she will be introducing legislation, possibly as soon as next week, that would provide consumers with additional safeguards to protect against such data breaches.

Not everyone thinks the threat is dramatic. The top White House cyber-threat expert, Howard Schmidt, thinks it's overblown.

Rep. Bobby Rush, D-Ill., who also sits on Energy and Commerce and chaired Bono Mack's subcommittee in the last Congress, said he plans to reintroduce a data breach bill he offered before. The bill, which passed the House, would have required for-profit entities that hold personal information about consumers to adequately secure the data and notify the Federal Trade Commission and the affected consumers when a breach occurs.

"Sony touts its PlayStation platform's real-time and networking capabilities to consumers," Rush said in a statement. "The laws of this country should call, similarly, for consumers to be notified in as close to real-time as possible--not according to Sony time--whenever their sensitive information falls into the hands of intruders, hackers, thieves and information resellers."

In the Senate, Tom Carper, D-Del., chairman of the Homeland Security and Governmental Affairs Federal Financial Management Subcommittee, introduced a data breach in the last Congress and said Wednesday that he hopes provisions from that bill will be included in a broader cybersecurity bill that the Senate may take up this year.

NEXT STORY: Where is the Security in Today's Executive Order?