Over the weekend, some attendees of E3 2019 were dismayed to learn that their personal information was compromised by the Electronic Software Association, the organization behind E3. The ESA issued an apology for the leak, but it didn’t reverse the damage that had been done; journalists and content creators trusted the ESA with personal information, and that trust was violated. Regaining that faith was already going to be difficult, but the battle got even harder today with the discovery of another leak from E3s held in 2004 and 2006 (when the expo had the old-school logo pictured above).
In an email sent out to E3 attendees of those years, the ESA explains that the issue was discovered while looking into the initial leak: “In the course of our investigation, we learned that media contact lists from E3 2004 and 2006 were cached on a third-party internet archive site. These were not files hosted on ESA’s servers or on the current website. We took immediate steps to have those files removed, and we received confirmation today that all files have either been taken down or are in the process of being removed from the third-party site.”
The email does not specify exactly what information was available on those media contact lists. We reached out to the ESA for clarification, but have not yet received a response.
The ESA also says: “We are working with our partners, outside counsel, and independent experts to investigate what led to this situation and to enhance our security efforts. We are still investigating the matter to gain a full understanding of the facts and circumstances that led to the issue.”
Whatever understanding the ESA gains, it has a long road ahead to make amends.