Submitted by: Submitted by tonka819
Views: 428
Words: 5766
Pages: 24
Category: Business and Industry
Date Submitted: 06/05/2012 10:30 PM
Executive Summary
Sometime between April 17 and April 19, the Sony’s PlayStation Network (PSN) was hacked; allegedly by the hacking group “Anonymous”, and the personal and credit card information of approximately 77 million customers was compromised. The hacking incident was one of the 5 largest security breaches in history and a public relations nightmare for Sony. While, the incident has so far cost the company at least $200 million and significant loss of customer trust, the company’s attitude and response to the incident may wind up costing them even more.
The PlayStation Network stores each customers user ID, password, email address, name, birth date, and answers to security questions. For customers who purchase streaming media or games from the network, the database also contains their credit card information. If this information fell into the wrong hands, a customers’ financial security would be put gravely at risk.
It is alleged that the legal action, Sony pursued against another hacker for releasing a key that allowed users to develop and run any code they wanted on their PS3 consoles, was the primary motivation for the attack. While Sony was busy responding to a denial of service attack in early April, Sony’s systems were attacked again and the end result was that 10 of their servers had been compromised by these attacks. In response, Sony shut down their networks for approximately three weeks.
Although Sony’s security system met the requirements of some Federal laws and industry regulations, their security software may have been out of date and they had recently laid off a significant number of employees in their Network Operations Center, which is responsible for the prevention and detection of any security breaches of their system. These actions allowed their system to be more easily compromised than it should have been.
In response to this incident, Sony has implemented a number of preventative and detective security measures...