Maloni was part of a crisis management team that helped Heartland Payment Systems respond to a disastrous 2008 breach that exposed data on close to 100 million debit and credit cards.
Though the breach was one of the largest ever, Heartland's strategy was "to run towards the light" rather than remain mostly quiet as Sony has, Maloni said. From the start, Heartland was open about the breach, the scope of the intrusions, the causes of the breach and what it was doing to address them, he added.
Sony, in contrast, has been less open about the breach and its plan for fixing the underlying weaknesses in its networks. The company has also done a relatively poor job in setting user expectations after the breach, Maloni said.
"They should have started setting expectations very low. They should have done a better job [talking about] the perpetrators of the breach and how they were the true bad guys," he said. "I don't think Sony got out early enough to spell out what it was doing, and that has left a bad taste."
Maloni believes that if the problems persist, Sony will take more of a hit to its reputation than other companies that have suffered major breaches, such as TJX and Heartland. Those companies may have gotten a bit of a pass because they were among the first companies to suffer major data compromises, he said.
But consumers since then have become less tolerant because they expect companies to learn from previous breaches, Maloni said. He expects that users will soon be asking, "What was Sony doing when all of these other companies were getting breached?"