That means it took Sony an astonishing nine days from the initial attack (which it says it didn't notice until the 19th) to inform its customers that their personal and banking details could have been nicked.
After days of urging "patience", an out-of-blue admission of stolen data and panic warnings of "identity theft" and "financial loss".
The fallout from this revelation has reverberated around the globe, making PlayStation front page news for all the wrong reasons. And whether fair or not, the impression left is one of a company that has failed to come clean soon enough; that cannot be trusted to handle sensitive information; and that, in the middle of a crisis, fails badly to communicate with its customer base.
After fumbling the issue while the flow of information was within its control, the story now risks developing too quickly for Sony to keep up. While it ponders its next move, security experts, credit agencies, banks, public watchdogs, journalists and, of course, consumers line up to talk to the media about the severity of a situation in which so much is still unknown.
When did Sony first realise users' personal data had been compromised? If the company takes "information protection very seriously", why weren't the "additional measures" it is promising already in place?
What was the original security arrangement? Will the rebuilt system become more secure than is standard or simply brought in line with comparable services? Were, as speculation suggests, details held in unencrypted form? If so, why?
Who is the "outside help" brought in and at what point? If there is indeed a "clear path" for restoring "some services within a week", which ones?
"Some are already calling this Sony's "Deepwater Horizon moment"."
It's important not to lose sight of the fact that the real villains here are the hackers, depriving gamers of access to PSN and causing major harm to Sony's reputation.
And I must spare a thought for PlayStation's UK PR team, which has endured a torrid few days while forced to rely on US-led updates to filter through a strategy that has so far proved calamitous for the company.
Some are already calling this Sony's "Deepwater Horizon moment", in reference to the oil rig explosion and the subsequent handling of it by BP that caused the company's reputation so much damage.
Even Max Clifford wouldn't be able to put a positive spin on the present PSN fiasco. But Sony's response so far betrays a worrying short-sightedness over how information and, equally, misinformation spreads in the age of the social network.
Treating the issue as a one-way conversation meant Sony was never in control of it. And failing to prepare users, after a week of uncertainty, for last night's startling admission only served to magnify its negative impact.
All of which means, when Sony attempts to clarify the reasons for the lack of communication, as far as the momentum of the story is concerned, it's too little, too late.
Technical problems aside, Sony now has a mountain to climb to rebuild trust in its online services once they're switched back on. And that process can only begin once it starts engaging openly and transparently with the millions of PlayStation fans still wondering exactly how this happened.