November 8, 2013
In April 2011, a number of lawsuits were filed against Sony Corporation for the theft of user data from the PlayStation game network. The lawsuits accuse Sony of negligence and breach of contract for allowing the personal data of more than 100 million online video game users to be compromised (Tauriello, 2011). A hacker stole the names, birth dates and possibly credit-card numbers for millions of people who play online videogames through Sony’s PlayStation console. This could rank among the biggest data breaches in history. Sony is being criticized for not alerting ...
Sony network sites such as Sony Corporation of America, Sony Electronics, Sony Pictures and even old websites containing personal information were all accessible. Employee information was exposed through an access point in the identity management system. Information on IT managers became available, which could be exploited to launch phishing attacks on the sites. Hidden files could be accessed containing items such as links to password-protected applications. The servers that linked Sony customers' information to Facebook were in jeopardy. The Riverbed Technology security management appliance had a user ID already populated, accessible to anyone through one of the Sony servers (Fulks, 2001). These weaknesses made the hackers feel even more compelled to act, because the break-in seemed so easy and effortless to accomplish. As the rationale for these actions, the hackers claimed that the objective “was to prove that the Sony systems were easily breakable” (Fulks, 2011).
To mitigate the loss in this scenario, Sony could have started with greater server protection. They should have properly secured their data through known and available encryption methods. Although hackers might still have been able to get through, encryption could at least have limited the exposure to fewer than 77 million users. Sony could also have paid closer attention to, and monitored, the validity of data collection and accessibility. They need to focus on operational crises just as much as management crises. Because of its poor crisis procedures, namely not notifying consumers of the breach until April 26 even though it had been investigating unusual activity since April 19, the damage done to Sony's standing with its consumers may be irreparable. To prevent future breaches and to have kept this breach...