Sony’s Security Breach, Their Delay in Reporting, and Their “Users, It’s Your Problem” Stance Deserve Close Scrutiny

Another day, another data breach. This time Sony was hacked, with up to 70 million consumer records compromised. What’s different is the very poor way Sony has chosen to handle the incident to date, and they deserve the loss of consumer trust that will surely follow.

According to the company, the compromised data includes names, email addresses, addresses (city, state, zip), country, birthdates, PlayStation passwords and login information, and possibly additional profile data, purchase history and credit card information.

Where Sony failed

  1. Sony waited nearly a week before acknowledging the data breach and informing consumers. Waiting a week is just unacceptable.  The most lucrative time period for criminals using stolen records is immediately after the theft, and before consumers have been notified and had a chance to take preventative measures.
  2. Sony dumped the onus of defending against potential fraud on users. They are responsible for the data breach; they need to step up and provide identity theft protection to consumers impacted by the incident.
  3. Though Sony has now engaged an outside security firm, Sony clearly failed to provide strong security safeguards for users’ data. That hackers could access all this information indicates the data was not encrypted – this is outrageous – nor was it stored in separate silos with unique passwords protecting each section. Sony says they are ‘rebuilding’ their security; well, that’s a day late and a dollar short. Why were they careless with consumer data until a breach occurred?

What does this mean to you?

  1. Be diligent in monitoring your financial and medical identities. The information accessed by these hackers has significant value, and criminals will exploit any information they acquire. Learn how to protect your identity, get free credit reports, freeze your credit, and more in my blogs:
    1. Protect your credit: one free step towards peace of mind
    2. Stay Safer – Place a Security Freeze on Your Credit
    3. ShieldSafe: ID Theft Protection Reminder Service
  2. Understand the scope of the ID theft problem by reading these blogs:
    1. 130 Million Credit and Debit Card Numbers Stolen – Is Yours Secure?
    2. 11 Things an Online Criminal Will Never Tell You
  3. Be wary of allowing additional information about yourself to be placed online with Sony before better security standards are in place.
  4. Demand better security and accountability of the companies, institutions, and government agencies holding your records.
    1. Internal security measures need to be in place to:
      1. Block dishonest employees from making off with records
      2. Prohibit employees from taking records away from the secure facility – on laptops, flash drives, etc. that can be stolen, “lost” or otherwise compromised.
      3. Train employees in security measures – and continually test that these are upheld
      4. Ensure all sensitive information is encrypted, rendering it useless to those without the necessary key
      5. Increase defenses against hackers, with stronger security measures and multi-tiered layers
    2. National security standards need to be strengthened to:
      1. Increase penalties for companies with data breaches that failed to provide strong security protections
      2. Increase the speed of notification to consumers affected by data breaches
      3. Increase assistance to consumers affected by data breaches

Next, learn to identify scams. Scams have rapidly evolved. Though your junk mail folder captures the completely obvious and amazingly stupid scams, the ones that manage to fool the spam filters are likely to also fool you – particularly when your own breached information is being used to trick you.

Smart scams appear to come from a legitimate source – a company you do business with or a friend. They may have all the right ‘packaging’ – logo, terms of use, graphics, etc. They may appear to know you well – using information gleaned from data theft and social networking sites. They may look official. In fact, they may be indistinguishable from real email in all but the smallest details – like where a supplied link might land you – so looks alone cannot guarantee your safety. To really be safe you need to consistently follow the 14 Steps to Avoiding Scams:

In this incident, Sony not only failed to protect your data, they have failed to take responsibility for helping users remedy the problem. Let the company know just how unhappy you are, and let your elected officials hear your dissatisfaction along with a request for stronger requirements on companies holding consumer data.

Lastly, consider switching to a more socially responsible, security conscious gaming platform. I recommend Xbox as the most safety conscious and socially responsible gaming platform.

Full Disclosure: I am a former MSFT employee, but never worked on the Xbox Team, nor do I accept any form of compensation for any of my recommendations.
