HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 13 MINUTES AGO.
You are here: Home / Network Security / Sony Fined $395,000 for Data Breaches
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
Sony Fined $395,000 for Poor Security in Data Breaches
Sony Fined $395,000 for Poor Security in Data Breaches
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JANUARY
24
2013



(Page 2 of 2)

"If it weren't for Sony's size and reputation, this may have gone unnoticed, or worse, covered up," Westmoreland told us. "Organizations that must be compliant under [various regulatory standards] and require regular testing of controls are in a much better position within the Internet threatscape.

"In some situations a serious breach may shut down the non-compliant organization rather than simply landing them with a fine that is absorbed as an expense and eventually passed along to the consumer. That is what makes organizations take this seriously."

Alex Horan of CORE Security told us he's excited about the reasoning behind the fines. As he sees it, it sends a message that businesses can no longer avoid security testing because they want to be able to say "we didn't know of any issues, so it is not our fault that they exist."

"The ICO said that if a business has some level of technical expertise, then it cannot claim ignorance to the possibility of IT-related risk," Horan said. "Ignorance is no longer a defendable position."

Evan Robert Keiser, security analyst at Perimeter E-Security, told us the fine was long overdue and should have been much larger. He noted that Sony underwent two fairly large lawsuits after the breach because they violated Payment Card Industry compliance by failing to notify PlayStation Network members of a possible security breach and storing members' credit card information for quite some time before releasing information about the full scope of the breach.

"Not only did Sony fail to use firewalls to protect its networks, it was using outdated versions of the Apache Web server with no patches applied on the PlayStation Network during the time of the breach," he said. "They should have spent more money ensuring their own security was up to date and less protecting copyrights as well as pursuing hackers like Geohot who's publishing of their root keys and his own homebrew PS3 software could potentially allow a user to play copied discs."

< Previous Page  1  2

Tell Us What You Think
Comment:

Name:

Pat Michaels:
Posted: 2013-01-26 @ 7:19am PT
That's chump change to them. Not even a slap on the wrist.

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Barium Ferrite Is The Future Of Tape: Barium Ferrite (BaFe) offers greater capacity, superior performance, and longer archival life compared to legacy metal particle (MP) tape. Click here to learn more.
MORE IN NETWORK SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Sony is no stranger to breaches. Sony’s PlayStation Network was hacked in 2011 and attackers obtained 77 million user accounts. The latest attack comes against Sony Pictures Entertainment.

MOBILE TECHNOLOGY SPOTLIGHT
In its bid for the wearables market, Sony is reportedly developing a watch made out of electronic paper for release as soon as next year. The e-paper watch will emphasize style over tech innovations.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.