Sony Chief Executive Officer Howard Stringer apologized to users of its PlayStation Network and other online services, breaking his silence on the biggest Internet security break-in ever, but failed to provide a date when services would resume.
Stringer's comments come after he faced criticism of his leadership since Sony revealed hackers had compromised the data of more than 100 million accounts used for accessing games and music over the Internet.
As a company we - and I - apologize for the inconvenience and concern caused by this attack, Stringer said in comments posted on Sony's U.S. PlayStation blog late on Thursday.
The incident may prove to be a significant setback for a company looking to recover after being outmaneuvered by Apple in portable music and Samsung Electronics in flat-screen TVs and which faces a tough fight in video games with Nintendo and Microsoft.
One analyst said security concerns could weigh on sales of Sony's gadgets and hurt growth prospects for its network services.
There is a real concern that trust in Sony's business will decline, Kota Ezawa, analyst at Citigroup Global Markets Japan, wrote in a note ahead of the comments from Stringer.
The network business itself still only makes a small direct contribution to earnings, but we see a potential drop in hardware sales as a concern.
The Internet breaches sparked thousands of comments on the official PlayStation fan page on Facebook and on its blog, some of them from users who said they would switch to Microsoft's Xbox Live games network.
Although video game hardware and software sales have declined globally, the PlayStation Network is a key initiative for the electronics company.
On Friday, Sony shares ended 2.3 percent lower in a broader market down 1.5 percent, extending its total losses to about 6 percent since it revealed the breach. The Nikkei is up around 3 percent over the same period.
Sony issued its first warning on the break-in a week after it detected a problem with the network on April 19, infuriating many PlayStation users around the world. Sony said it needed time to work out the extent of the damage.
WHY THE DELAY?
I know some believe we should have notified our customers earlier than we did. It's a fair question, Stringer said.
I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had - or had not - been taken.
Stringer said Sony would restore network services in the coming days, but gave no date.
That's all well and good, but when exactly is the PSN going to be back up? Coming Days could be tomorrow or it could be weeks from now, a user called Morac said on the PlayStation blog.
Sony's handling of a massive Internet security breach is becoming a public relations nightmare reminiscent of Toyota Motor's bungled response to a series of vehicle recalls last year, fuelling criticism of Japan Inc's standards of disclosure.
The initial response was definitely slow, said Yasuyuki Katagi, president of Ogilvy Public Relations Worldwide (Japan).
He said Japanese firms were used to keeping problems quiet because local customers would assume they were taking steps to fix things.
However, this doesn't apply when a problem extends to the global business environment, Katagi added.
In the United States, several members of Congress have seized on Sony's breach, in which hackers stole names, addresses and possibly credit card details. One U.S. law firm filed a lawsuit in California on behalf of consumers.
The theft prompted the U.S. Justice Department and Federal Bureau of Investigation to open an investigation and New York Attorney General Eric Schneiderman has subpoenaed Sony entities over the breaches.
Almost 100 percent of the time, it's the handling of the crisis that creates lasting and negative perceptions rather than the event on its own, said Danny Phan, executive director at public relations firm Pelham Bell Pottinger Asia.
Keeping your stakeholders in the dark for too long will create deep rooted suspicion and mistrust when the news breaks, potentially severing all positive sentiments previously built over the years.
Sony previously said it would offer some free content, including 30 days of free membership to a premium service to existing users and in some regions pay credit card-renewal fees.
Stringer also said the company had launched a $1 million data theft insurance policy for its U.S. PlayStation Network and Qriocity users.
I know this has been a frustrating time for all of you, Stringer said. To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely, he said.
Sony's revelation of a second Internet breach on Monday came just a day after it said measures had been put in place to avert another cyberattack like that which hit its PlayStation Network, leading to the theft of information on 77 million user accounts.
The company is looking to its insurers to help pay for its data breach, an amount that one expert estimates could exceed $2 billion, but others said insurers may balk at ponying up that kind of money.
We have a variety of types of insurance that cover damages. Certain carriers have been put on notice, said Sony spokesman Dan Race.
The hackers have not been identified, but Internet vigilante group Anonymous, which had claimed responsibility for previous attacks on Sony and other corporations, denied it was behind the data theft.
The group's statement came after Sony said Anonymous was indirectly responsible for the attack on the company.
Sony, which is set to report its annual earnings on May 26, has yet to specify the financial effect of the network breach. Tokyo financial markets were closed from Tuesday to Thursday for national holidays.
(Additional reporting by Taiga Uranaka in TOKYO and Rachel Armstrong in SINGAPORE; Writing by Anshuman Daga; Editing by Lincoln Feast and Dean Yates)