The scale and reach of Sony’s networked electronics and entertainment has made it one of the world’s biggest brands. However, its value has declined significantly in the past few years. Sony fell five places in Interbrand’s 2010 global brand rankings, down to 34th, and the company’s brand value fell by 5% to $11,356 million. Its rival Samsung, meanwhile, increased its brand value by 11%. 

 

But Sony’s brand has stayed strong with gamers: despite fierce competition, its online gaming networks have over 110 million users worldwide. 

 

So the recent outage on the PlayStation and Sony Online Entertainment Networks brought high stakes into play. Sony’s communications during the period would be crucial to maintaining the goodwill and loyalty of the gaming community, and the trust of its stakeholders. 

 

On 20 April, users logging in received a message that the PlayStation Network was closed for maintenance. The official PlayStation blog, run by Patrick Seybold, senior director of corporate communications and social media, acknowledged the outage, but gave no further details.

 

It wasn’t until 22 April that Seybold cited “an external intrusion” into Sony’s systems. Previous updates had mentioned an “outage” requiring investigation. Now Seybold was acknowledging that Sony had actively “turned off” the services. This was a sign to Sony’s audiences that Sony knew more than it had let on about the suspension of services.

 

On 26 April, amid growing chatter, Sony announced that service user account information had been compromised by the intrusion into the network. The data that was at risk was staggering: name, address, country, email address, birthdate, password and login, online ID, purchase history, password security answer, credit card number and expiration date. 

 

Many users questioned the delay between the initial shutting down of the system and the announcement of the data theft. Peter Roberts, senior associate director of Issues & Crisis at Hill & Knowlton, thinks Sony should have been quicker in its announcement: “There were mitigating circumstances – principally, their attempts to ascertain the scale of the issue. However, the lesson to us all is to err on the side of caution; fundamentally, if there’s a problem, but we’re not sure how badly it’s affecting users, talk to them. Visibility is imperative.”

 

Sony continued to post blog and Twitter updates answering users’ questions, but it wasn’t until 5 May, 15 days after the network had first gone down, that Howard Stringer, Sony’s CEO, communicated with stakeholders in an open letter. Sony had also in the meantime submitted to questioning by the US House of Representatives on “The Threat of Data Theft to American Consumers”, and uploaded its answers to blogs and Flickr.

 

The restoration of services was announced in a video on 14 May presented by Kazuo Hirai, executive deputy president at Sony – significantly after the one-week estimate for restoration made on 1 May. Sony set out its plans for a ‘Welcome Back’ programme, including the offer of a year’s free identity theft protection.

 

Despite steady communication from Sony, the damage done by the security breach will be difficult to undo. The slowness of the service restoration, with thousands of passwords needing to be reset, is another issue. 

 

Roberts is confident that Sony will be able to regain its users’ trust. “Their user insurance policy initiative is a case of unreserved and public response. That’s the crucial aspect of crisis management; incidents happen, but people recognise that this is the case – it’s the way in which businesses react to the situation that shapes public perception.”