Tag Archives: Sony

ICO Hit Sony With £250,000 Fine After Data Breach

The Information Commissioner’s Office (ICO) have hit Sony Computer Entertainment Europe Limited with a hefty £250,000 fine after completing their investigation into the data breach that occurred in 2011.

The incident occurred in 2011 when the PlayStation Network (PSN) was infiltrated by hackers. As a result of the breach, Sony confirmed that the hackers could have gathered personal information belonging to as many as 77 million people worldwide. It is thought that the personal information stolen included names, date of birth, addresses and even credit card details. However, soon after the initial breach was publicised, Sony released a statement claiming that all financial data and details was encrypted.

After the ICO investigation was completed, they came to the conclusion that the security defences that Sony had in place were quite simply not up to the task to protect the type of data that they had stored.

Deputy Commissioner of the ICO, David Smith, claimed, “If you are responsible for so many payment card details and log-in details, then keeping that personal data secure has to be your priority. In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.”

Sony Computer Entertainment Europe Limited have already expressed their disappointment of the findings and conclusion of the investigation and are planning to appeal the fine.

In a statement, Sony stated, “Sony Computer Entertainment Europe strongly disagrees with the ICO’s ruling and is planning an appeal. SCEE notes, however, that the ICO recognises Sony was the victim of ‘a focused and determined criminal attack,’ that ‘there is no evidence that encrypted payment card details were accessed,’ and that ‘personal data is unlikely to have been used for fraudulent purposes’ following the attack on the PlayStation Network.”

Sony also added, “Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient. The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack.”

Sony will only have to pay £200,000 if they pay the fine by the 13th February as part of an early payment discount.

As the techniques of hackers are becoming more sophisticated and complex, the importance of having adequate data protection methods in place is becoming more vital as each day passes. To further enhance your protection, a secure and robust data backup solution should be in place to ensure that any deleted or tampered data can be recovered, helping to reduce the overall impact if you systems were successfully hacked.

Sony Suffer New Security Breach

Sony have suffered yet another security breach which has resulted in 93,000 PlayStation Network and SOE games service accounts being locked after unauthorised sign-in attempts. The unknown hackers managed to verify a number of members IDs and passwords. Those affected will be glad to see that their credit card details were not at risk.

This latest attack that occurred between 7th and 10th October isn’t on the same scale as to previous security breaches. On their website, Sony stated “less than one tenth of one percent of users across the three networks may have been affected in the latest incident.”

Chief information security officer Philip Reitinger stated that “We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. He later added that “Only a small fraction of these 93,000 accounts showed additional activity prior to being locked.”

Sony has started the procedure of informing those affected by sending an email which instructs them to reset their password in order to reduce the possibility of such a breach occurring again. It has been speculated that the information leading to the data breach may have been taken from other companies but so far Sony has refused to comment on this as their investigation continues.

This latest case is one that Sony really could have done without as they attempt to regain the trust of millions of people after a string of security breaches. The most prominent breach occurred in April when hackers stole details of 77 million gamers which resulted in the PSN being shut down by Sony for 40 days.

CSO – good or bad idea?

Sony has appointed Philip Reitinger, as new chief security officer and senior vice president.  It is one of many steps that the company is taken to improve their network security, following a series of high profile cyber-attacks.

Computing magazine comments that ‘there has never been a worse time to be a chief security officer’.  But since these attacks, security has been pushed to the top of the international agenda.  Perhaps therefore, it is the best time to be an organisation’s head of security.  The government’s launch of its new cyber security strategy confirms cyber security remains a tier one issue and a BCS poll of IT professionals showed that security awareness topped their list of concerns.

Schwartz, the new CSO for RSA explains that ‘for a long time, these advanced attacks were able to continue without being noticed.  We need to shorten the window of opportunity for hackers, and measure our ability to limit the damage.  Then we’re bringing the fight to the adversary.’

The expense and embarrassment cannot be easily disregarded, with both short and long term costs.   In the short term, the cyber-attack set Sony back £107m.  But in the longer term, shares fell 55% and the negative media coverage will have affected the Sony reputation. Therefore, the chief security officer post may well be in order.  However, scepticism is still high amongst Computing readers, 45% see little benefit in the new position believing that a CSO is never recognised for their successes but only their failures.

But principal analyst at Ovum, Graham Titterington believes the role to be truly necessary and more than just a PR exercise.

‘If the company is big enough then it’s proper to have a CSO and not just wrap it up into the CIO role.  The concept of the role is sound; I wouldn’t dismiss it as a political gimmick.’

 

Read more: http://www.computing.co.uk/ctg/news/2111791/analysis-cso-stunt-scapegoat-idea#ixzz1Z3bsN0oW
Computing – Insight for IT leaders Claim your free subscription today.

Sony: Bouncing Back

Sony has had a difficult year, not least because of the hacking scandal in April but also because of the earthquake in Japan as well as the London riots.

Sony CEO Howard Stringer spoke at the IFA electronics trade show in Berlin yesterday and highlighted the difficulties of the last 12 months, but was optimistic about the future.

“This year at Sony we have been flooded, we’ve been flattened, we’ve been hacked, we’ve been singed” said Stringer.

April saw Sony face one of the largest hacks in history leading to the data of 75 million users being compromised.

However the summer saw Sony embark on getting the service back online and they have done so with surprising success.

“We have more than 3 million new customers since the network came back online, and sales are exceeding what we had before the cyber attacks” said Stringer.

Also highlighted at the conference was Sony’s intention to go for the competitive approach of bringing together gaming, music and film under the umbrella of the Sony Entertainment Network (SEN).  This will place Sony strongly within the market place among the likes of Apple.

Sony Back Online

The Sony Network outage back in April led to gamers being unable to access their online accounts.

Following what was called a sophisticated hack, Sony was forced to take down its PlayStation Network service in addition to receiving attacks to its Online Entertainment service.

Although credit card information was encrypted no theft has yet being recorded from the 100 million users affected.

Rosenberg called the incident a bump in the otherwise good relationship Sony have with their customer base. In order to keep the relationship alive Sony have introduced a ‘Welcome Back Package’ which includes all forms of incentives such as free movie downloads and games.  Furthermore PlayStation are granting users a $1 million identity-theft insurance policy for next year.

“The great news is that they are back though, and our service is up and operating and secure and delivering – doing exactly what it’s supposed to do” Howard Stringer, CEO of Sony commented.

“When our gamers get online, they’re getting online to game. They’re not thinking operationally about how it’s happening. They just want to have fun” he added.

Sony has so far being unable to determine who was responsible for the attack although Scotland Yard are now questioning 19-year old Ryan Cleary in connection with the attacks following his recent arrest.

“We will examine the individual for any Sony data” a representative told Develop. Sony had previously pointed the finger at the hacker group Anonymous.

Sony’s network is now as secure as it can be according to Stringer however he admits “nobody’s system is 100 percent secure.”

“This is a hiccup in the road to a network future.”

 

Sega Data Breach

The Sega pass website has been hacked leading to the details of thousands of people in Europe being compromised.

Although it is not known who is responsible the hacking group LulzSec have tweeted that they would like to help Sega find the culprits. LulzSec were responsible for the recent attacks on Sony affecting up to 100 million people. Further work includes hacking into several porn websites, PBS, Sony, Fox, and federal bodies such as the FBI and CIA.

The group defends its activities by stating “this is the internet, where we screw each other over for a jolt of satisfaction.” The group appears to gain great satisfaction from creating a little online havoc every so often arguing that they act on the request of callers and not through their own choice.

Although no financial data was stolen as Sega use an external organisation to process payments the data lost comprises of email addresses, dates of birth and encrypted passwords. All in all approximately 1,290,755 have been affected.

The Sega Pass system has been offline since Thursday 16th June displaying the message “SEGA Pass is going through some improvements so is currently unavailable for new members to modify their details including resetting passwords. We hope to be back up and running very soon.”

The hack is a further call for online security everywhere to be beefed up. LulzSec draw upon a good point when they highlight the fact that not every hack will be announced by the hackers and it seems that if you haven’t already being affected, it is only a matter of time before you are.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal