In the Playstation debacle, Sony plays a serious game
There is a truism in business, and politics: it’s never the offense that gets you into trouble, it’s how you handle the aftermath. “Watergate” would not have become shorthand for corruption if the massive criminal cover up of political dirty tricks hadn’t unraveled. “Tylenol” might just have been a trivia answer had Johnson & Johnson not rebounded from the seven tragic deaths of people who took their tainted pain killers into a case study of pitch-perfect crisis management.
Apple and Google both had some explaining to do in recent days about how they collect, store and use tracking information on the smartphones which, combined, account for nearly two thirds of the market. But Sony might have an even bigger challenge on its hands.
Sometime between April 16 and 19 hackers gained access to private information about some 77 million Playstation customers, including logins, passwords, e-mail addresses, home addresses, and possibly account history and credit card information. It took Sony nearly a week to disclose this, even though it shaped up to be one of the biggest data breaches in history.
On Sunday — nearly two weeks later — the company took the first meaningful step to regain the public’s trust. It included both ritualistic and material elements. But as PR professionals will tell you, doing ritual wrong makes material unbelievable.
Sony’s quest began with a simple bow — though not from the company’s CEO, a curious decision given that humility from no less than a chief executive is usually required to turn public opinion in high-stakes damage control. In Sony’s case it is all the more odd since its CEO, Howard Stringer, is no Tony Hayward, the tone deaf BP CEO who apparently forgot that people had died in the Gulf Horizon disaster when he told an interviewer that he’d “like his life back.”
But we are still in Act II of this arc. Act I was painful: Sony took its game servers offline for nearly a week before acknowledging that the outage wasn’t about maintenance but a break in. The games have not yet begun again.
The staggering extent of the breach should alone give pause. But the worst case scenario right now isn’t about the loss of credit cards. For cardholders, frankly, loss is just an inconvenience since they can be replaced quickly and unauthorized use never costs anything. (Stolen credit cards are very valuable to thieves, but the potentially huge losses are born by card issuers and, through exorbitant rates, all of the charging public.)
It is the stolen e-mail addresses and passwords that are the real problem — and waiting a week to say anything about it. Valid e-mail addresses are fodder for phishing, and many people use the same password in many places. A huge cache of passwords and associated e-mail addresses — often used for web site usernames — means that those 77 million keys could be used to try to open hundreds of millions of Internet locks while Sony was mum.
A bow is a poignant gesture from a Japanese company executive (nobody is expecting hara kiri). Sony did announce a “Welcome Back” program: customers will be offered free downloads, assistance enrolling in identity theft protection services and a 30-day free pass to Playstation Plus.
But … the free downloads will be determined by territory, which could create artificial haves- and have-nots; the ID theft assistance doesn’t include reimbursement for enrolling in such programs; and a 30-day free pass to premium services smacks more of a sales pitch than a sincere attempt to make things right.
It’s doubtful that this incident will be Sony’s Watergate, but so far it’s not its Tylenol, either.
Photo: A Sony playstation controller is seen at an area that was devastated by last week’s earthquake and tsunami, in Kesennuma, north Japan, March 19, 2011. REUTERS/Kim Kyung-Hoon