On April 19, 2011, system administrators at Sony's online gaming service PlayStation Network (PSN), with over 77 million users, began to notice suspicious activity on some of its 130 servers spread across the globe and 50 software programs. The PlayStation Network is used by Sony game machine owners to play against one another, chat online, and watch video streamed over the Internet. The largest single data breach in Internet history was taking place.

On April 20, Sony engineers discovered that some data had likely been transferred from its servers to outside computers. The nature of the data transferred was not yet known but it could have included credit card and personal information of PlayStation customers. Because of the uncertainty of the data loss, Sony shut down its entire global PlayStation network when it realized it no longer controlled the personal information contained on these servers.

On April 22, Sony informed the FBI of the potential massive data leakage. On April 26, Sony notified the 40 states that have legislation requiring corporations to announce their data breaches (there is no similar federal law at this time), and made a public announcement that hackers had stolen some personal information from all 77 million users, and possibly credit card information from 12 million users. Sony did not know exactly what […]

The hackers corrupted Sony's servers, causing them to mysteriously reboot. The rogue program deleted all log files to hide its operation. Once inside Sony's servers, the rogue software transferred personal and credit card information on millions of PlayStation users. On May 2, Sony shut down a second service, Sony Online Entertainment, a San Diego-based subsidiary that makes multiplayer games for personal computers. Sony believed […]
The total Sony data breach now numbered over 100 […] According to Sony, hackers left a text file […] are legion. Anonymous is the name of an Internet collective of hackers and vigilantes whose motto is "We […] had attacked MasterCard and other company servers in retaliation for cutting their financial relationships with WikiLeaks, a Web site devoted to releasing secret American government files.

Sony and others believe the hacker attack, which followed weeks of a denial-of-service attack on the same Sony servers, was retaliation by Anonymous for Sony's civil suit against George Hotz, one of the world's best known hackers. Hotz cracked the iPhone operating system in 2000, and in 2010 cracked the Sony PlayStation client operating system and later published the procedures on his Web site. Anonymous denied that as an organization it stole credit cards, but the statement is unclear about whether its members as individuals participated in the attack. Anonymous claims Sony is simply trying to discredit Anonymous instead of admitting its […]

Sony's Board Chairman apologized to its users and critics in the United States Congress for the security breakdown. Nevertheless, governments around the world reacted harshly to the lapse in security at Sony. The U.S. House Committee on Commerce, Manufacturing and […] been transferred and for failing to inform customers immediately rather than waiting a week before going public. In a letter to Sony Board Chairman Kazuo Hirai, […] information the hackers stole and assurances that no credit card data were swiped. Representative Edward J. Markey (D-Mass.) said, "Hackers and thieves shouldn't be playing 'Grand Theft Auto' with millions of addresses, […]

[…] of security, whatever it was, […] was Google's human resources department. […] in the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS), said the problem at Sony was that the PlayStation Network was using an older version of Apache Web server software, which has well known security issues. In addition, Sony's Web site had very poor firewall protection. He said the problem was reported on an open forum months before the incident. A U.S. Secret Service agent told the committee that the vast majority of attacks on databases were not highly difficult. Moreover, once hackers are on the inside, critical personal information and credit information is usually not encrypted. If such information were encrypted, hackers would not be able to read the data. The reason most personal data are not encrypted in large-scale private databases is cost, and to a lesser […] operation like Sony's could easily require a doubling of computing capacity at Sony. This would significantly eat into profits for an Internet-based enterprise like Sony simply because IT is such a huge part of its cost structure.

[…] for the later attack on Sony Pictures. Rather than announcing new powerful methods of hacking sites, the group claimed Sony's lax security allowed it to perform […] hole that enabled it to access whatever information it wanted.

Sony notified its customers of the data breach by posting a press release on its blog. It did not e-mail […] free games and privacy protection ("AllClear ID Plus") offered by a private security firm at Sony's […] This offer is distributed to user e-mail […] insurance policy against potential losses, but does help individuals monitor the use of their personal information online, and by May 31, the company had restored service to the United States, Europe, and Asia except for Japan. So far, no law enforcement agency has reported […]

As data breaches rise in significance and frequency, the Obama administration and Congress are proposing […] breaches within specific time frames, and sets standards for data security. The Data Accountability and Trust Act of 2011 being considered by Congress requires firms to […] Currently, 46 states have such legislation. In the past, many organizations failed to report data breaches for fear of harming their brand images. It is unclear if the […]

According to Frank Kenney, vice president of global security at Ipswitch, a company specializing in transferring files securely online, the fact that dozens of Sony Web sites and servers had been breached is a sure sign of a company-wide problem. Any type of environment can be breached, but Sony has to devise a plan that not only protects its infrastructure but also convinces customers that their credit card and personal information are safe. Sony's "brand is at stake," he said. Sony's security problems could take years to fix.

The Sony data breach follows a string of recent breaches that are larger and broader in scope than ever before. The Privacy Rights Clearinghouse keeps a database of known data breaches. Prior to the Sony debacle, the largest data breach in 2011 occurred at Epsilon, the world's largest permission-based e-mail marketing services company with more than 2,500 corporate customers, including many major banks and […] messages a year for its clients. In April 2011, Epsilon announced a security breach in which millions of e-mail addresses were transferred to outside servers. One result of this breach was millions of phishing e-mails to customers and the potential for the loss of financial assets.

Case Study Questions
1. List and describe the security and control weaknesses at Sony that are discussed in this case.
2. What people, organizational, and technology factors […]