Late last night, April 26th, Sony had the following to say on the PlayStation Blog regarding why it took so long to notify the public that their data may have been compromised.
"There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon."
When a breach occurs in your network that warehouses the personal and confidential information of your 70 million customers, you have a responsibility to notify the public immediately that there was a breach. If you don't know whether the data was compromised, you still have the responsibility to notify the public that it's possible, even while you investigate the issue. Sony is using its forensic investigation as a poor excuse to cover for the fact that it didn't take the responsible route: letting its 70 million users, many of whom have credit card information stored on the PSN and many of whom will use the same email and password combination for a multitude of other services, know that their data may be compromised so that they could take immediate preventative measures to mitigate risks.
Instead, PSN users were treated to six days of silence. Six days were given to these hackers to troll through the data they possibly mined from the PlayStation Network warehouse. Six days could be an unbelievable shopping spree for anyone who managed to glean even two or three credit cards from the data they may have obtained.
The fact that Sony waited six days for confirmation of data compromise is a piss-poor excuse. And one that may cost some PSN users far more than just a few days of not being able to play Call of Duty online.