Sony executives were absent today as members of a House committee took turns blasting the company for the way it handled breaches of its PlayStation Network and Sony Online Entertainment this past weeks.
The breaches exposed data of over 100 million customers, including credit cards, names and passwords.
The Japanese company was called to testify in front of US Congress members but instead submitted a letter.
Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyberattack designed to steal personal and credit card information for illegal purposes, said Sony Computer Entertainment chief Kaz Hirai.
But experts contend that the fault belongs to the company because it hasn't taken the proper steps to secure its network.
Dr. Gene Spafford of Purdue said key parts of Sony's PlayStation Network ran on Apache servers that were unpatched and had no firewall installed.
This was reported in a forum known to be frequented by Sony employees, he said, though no changes were made in the months leading up to the attack.
Lawmakers were also unaffected by Sony's overture.
This is unacceptable, Mary Bono Mack (R-Calif.) said. What about the millions of American consumers who are still twisting in the wind because of these breaches? They deserve some straight answers, and I am determined to get them.
The company first pulled the plug on its PlayStation Network on April 19th, but waited a full 7 days to disclose this Tuesday that it was because of a security breach instead of a technical problem.
The delay would have given ample time for hackers to sell or maliciously exploit the data, security experts have contended, and now lawmakers in several countries are taking action.
Bono Mack noted that the company first disclosed the data breach on a company blog, putting the burden on consumers to search for information instead of accepting the burden of notifying them.