Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
Disaster Recovery
Tame your scariest paperwork. Find Out How
Average Rating:
Rate this article:  
Sony Fined $395,000 for Poor Security in Data Breaches
Sony Fined $395,000 for Poor Security in Data Breaches

By Jennifer LeClaire
January 24, 2013 11:20AM

Bookmark and Share
The European fine against Sony was long overdue and should have been much larger, said security analyst Evan R. Keiser. "Not only did Sony fail to use firewalls to protect its networks, it was using outdated versions of the Apache Web server with no patches applied on the PlayStation Network during the time of the breach," Keiser said.
 


Sony has been slapped with a 250,000 pounds ($395,000) fine for poor security that exposed subscriber data in violation of Europe's Data Protection Act. The breaches, which date to April 2011, put the personal information of millions of customers -- including names, addresses, e-mail addresses, dates of birth, credit card details, and account passwords -- at risk.

Just weeks after hackers penetrated the Sony PlayStation Network, the hacking group LulzSec took responsibility for another attack on Sony Online Entertainment. During that attack, information from some 100 million user account profiles was exposed. Then, in October 2011, hackers attacked the PlayStation Network again. The company locked down 93,000 accounts.

Europe's Information Commissioner's Office (ICO) launched an investigation. The conclusion: Sony could have prevented the attack if it had kept its security software up to date.

No Apologies

"If you are responsible for so many payment card details and login details then keeping that personal data secure has to be your priority. In this case that just didn't happen, and when the database was targeted -- albeit in a determined criminal attack -- the security measures in place were simply not good enough," said David Smith, deputy commissioner and director of data protection for the ICO.

As Smith sees it, this is a business that should have known better. "It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe," Smith said.

Smith called the penalty "substantial" and made no apologies for it because the case was one of the most serious ever reported to his agency. The Sony breach directly affected a huge number of consumers, he said, and at the very least put them at risk of identity theft.

"If there's any bright side to this it's that a PR Week poll shortly after the breach found the case had left 77 percent of consumers more cautious about giving their personal details to other Web sites," Smith said. "Companies certainly need to get their act together but we all need to be careful about who we disclose our personal information to."

Fine Not Big Enough?

Richard S. Westmoreland, a team lead at Perimeter E-Security, said the fine was weak, considering how many people's information was stolen. He also was concerned it did nothing to prevent this type of negligence in the future, because it was reactive, not proactive. (continued...)

1  |  2  |  Next Page >

 

Tell Us What You Think
Comment:

Name:

Pat Michaels:

Posted: 2013-01-26 @ 7:19am PT
That's chump change to them. Not even a slap on the wrist.



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Disaster Recovery
1.   Microsoft Buys InMage Recovery Tech
2.   AWS' First 'City on Cloud' Awards
3.   Druva Debuts eDiscovery Solution
4.   Are Your Enterprise Assets at Risk?
5.   IBM Adds Disaster Recovery to SoftLayer


advertisement
Microsoft Buys InMage Recovery Tech
Will be integrated with Azure cloud.
Average Rating:
AWS' First 'City on Cloud' Awards
Winners presented best cloud solutions.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
34 European Banks Hit by Android-Skirting Malware
Criminals have been finding gaping holes in Android-based two-factor authentication systems that banks around the world are using. The result: 34 banks in four European countries have been hit.
 
New Web Tracking Technologies Defeat Privacy Protections
Recently developed Web tracking tools are able to circumvent even the best privacy defenses, according to a new study by researchers at Princeton and the University of Leuven in Belgium.
 
Juniper DDoS Solution Aims at High-IQ Networks
In the face of more complex attacks, Juniper Networks is boosting its DDoS Secure solution to help companies mitigate the threats with more effective security intelligence throughout the network fabric.
 

Enterprise Hardware Spotlight
Contrary to Report, Lenovo's Staying in Small Windows Tablets
Device maker Lenovo has clarified a report that indicated it is getting out of the small Windows tablet business -- as in the ThinkPad 8 and the 8-inch Miix 2. But the firm said it is not exiting that market.
 
Seagate Unveils Networked Drives for Small Businesses
Seagate is out with five new networked attached storage products aimed at small businesses. The drives are for companies with up to 50 workers, and range in capacity from two to 20 terabytes.
 
Another Day, Another Internet of Things Consortium Is Born
In the emerging Internet of Things, zillions of devices will be talking to each other. Samsung, Intel and Dell just formed a consortium to ensure each thing can understand what others are saying.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.