Premium Essay

Sony Data Breach

In:

Submitted By tniemann23
Words 3014
Pages 13
Sony Pictures Data Breach
Review
In this paper I am going to be talking about all aspects of the data breach Sony Pictures experienced starting in early November 2014. As you would expect a data breach is a very serious issue especially for big corporations such as Sony. This data breach all started on November 24th, 2014 when Sony realized they were becoming a victim of a high profile studio wide cyberattack. A cyberattack is when a company has unauthorized people or computers accessing protected files and information. For a big corporation like Sony you can imagine this caused a big uproar and got the public’s attention. The cyberattack was traced back to a group that called itself #GOP or the Guardians of Peace. This group of hackers is supposedly from North Korea which does not makes this situation any better. There were a number of things Sony was worried about be accessed, such as unreleased movies, employee information, customer information, and other sensitive material. The first step of this hacking process involved GOP illegally acquiring a valid digital certificate from Sony. After gaining access to the company from this certificate, GOP was then able to release a malicious software called Destover, which sneaks into the systems and takes over, giving access to the data. After that Sony’s next move was to immediately blacklist that copy of the digital certificate, so if it were to be used again it would be flagged as malware and not allowed passed the other security measures. While Sony has currently curbed the cyberattacks there is no way for them to get back the hundreds of terabytes of data already stolen. What happened next was devastating for Sony Pictures. There were a number of unreleased films leaked such as, Annie, Fury, Mr. Turner and Still Alice. Employee salaries, company passwords, other sensitive information, and IT related information.

Similar Documents

Free Essay

Sony: the World’s Largest Data Breach?

...PlayStation Network is used by Sony game machine owners to play against one another, chat online, and watch video streamed over the Internet. The largest single data breach in Internet history was taking place. On April 20, Sony engineers discovered that some data had likely been transferred from its servers to outside computers. The nature of the data transferred was not yet known but it could have included credit card and personal information of PlayStation customers. Because of the uncertainty of the data loss, Sony shut down its entire global PlayStation network when it realized it no longer controlled the personal information contained on these servers. On April 22, Sony informed the FBI of the potential massive data leakage. On April 26, Sony notified the 40 states that have legislation requiring corporations to announce their data breaches (there is no similar federal law at this time), and made a public announcement that hackers had stolen some personal information from all 77 million users, and possibly credit card information from 12 million users. Sony did not know exactly what personal information had been stolen. The hackers corrupted Sony's servers, causing them to mysteriously reboot. The rogue program deleted all log files to hide its operation. Once inside Sony’s servers, the rogue software transferred personal and credit card information on millions of PlayStation users. On May 2, Sony shut down a second service, Sony Online Entertainment,...

Words: 293 - Pages: 2

Premium Essay

Internet Technology, Marketing and Security

...products, which requires the collection of data in order to facilitate these purchases. Unfortunately this can leave these corporations vulnerable to security breaches in an attempt to steal the information contained in these databases. One major corporation that suffered a security breach recently was Sony Corporation, which had two database security breaches in 2011. Sony Corporation was founded in May of 1946 and is headquartered in Tokyo, Japan with a U.S. Division called Sony Corporation of America. They have approximately 168,000 employees worldwide. Their major product lines are audio, video, televisions, information and communications, semiconductors, and electronic components. In 2010 global consolidated sales and operating revenue were $7,181,300 billion Yen or approximately $89.8 million US dollars (Sony Corporation, 2012). Sony Corporation has two websites, www.sony.com for the U.S. business lines and www.sony.net for the global corporate site. Each website is very similar in its offerings. Product information is available with detailed specs, and there are options to purchase some products online or links to purchase from a Sony store or retailer. Customization of the VAIO computer line can be done on the website giving the consumer the option to build their computer with more options than would normally be available in retail stores, although stock models can be purchased (Sony Corporation, 2012). Contact can be made with Sony through various means on their website...

Words: 1790 - Pages: 8

Premium Essay

Security Breach

...Running Head: SECURITY BREACH Security Breach faced by Sony Corporation Introduction In the global marketplace, to attract the customers and provide relevant information to the customers, internet is used by most of firms as a promotional tool. In this, web-sites, social networking sites, etc. are used by the firms to communicate with the customers. Although, many security tools and techniques are used by the firms to secure the data of firm and customers, yet, some security breaches are also faced by the firms due to technical advancement. For this paper, Sony Corp. is selected that has faced security breach. Sony Corporation is a multinational firm that operates its business in global market and belongs to Japan and produces electronic products for the customers (Sony Corp. Info, 2011). There will be discussion about products information, contact information, internet marketing strategies, privacy policy of the firm, etc. Evaluation of Website Sony Corporation provides whole relevant information on the website of the firm about its products, services, etc (Sony Corp. Info, 2011). Areas that are evaluated for the firm are as follow: Product information: Sony Corporation has developed its website effectively that attracts the customers to purchase products. The firm provides all relevant information about the products on its website. Additionally, the firm also has made a list of its products that includes various categories of products...

Words: 1807 - Pages: 8

Premium Essay

Strayer Bus 508 Assignment 4 (Diversification)

...Network Sony Corporation is a well diversified company providing many complementary products and services. Not only does Sony offer electronics through its own website, it has a series of online products and services it offers to its users. The PlayStation Network, a part of the Sony Entertainment Network, is one of these many services. Through the PlayStation Network, owners of Sony PlayStation products can play games online with each other. Users can also purchase games and additional items through the PlayStation Network. Credit card information is stored in the network to be used for future purchases. Storing credit card information allows users to make future purchases very quickly, and possibly increases sales. However, its users entrust Sony to handle this information with care. In April 2011, the Sony PlayStation Network had a series of security breaches that not only compromised users’ login, password, and personal information, but also their financial information such as credit card numbers. The Sony PlayStation Network had to shut down completely and did not return fully for over a month. This paper will discuss the PlayStation Network and the recent security breaches. Despite the fact that the PlayStation Network has over 77 million online users, the system was compromised and Sony was unable to respond adequately to the problem. All companies can learn valuable lessons from the 2011 Sony PlayStation Network breaches. Network Within a Network Sony Corporation...

Words: 1593 - Pages: 7

Premium Essay

Mis Sony

...Sony Case Study Questions 1. List and describe the security and control weaknesses at Sony that are discussed in this case. The case discusses the main security and control weaknesses at Sony which allowed a breach of their network. Sony, at the time of the breach, did not make security and control a top priority. Some of the security weaknesses noted in the case study includes the fact that Sony was using an older version of software (Apache Web Server) which had known security issues. This impaired the security of their firewall, allowing hackers to get in. As for control weaknesses, there were obviously not the appropriate policies or organizational procedures in place, since Sony did not know what information was stolen from their servers, the fact that it took days for Sony to inform their customers of the breach immediately shows a lack of training of their management and staff and also Sony’s delay in shutting down all of their servers at the point when they learned of the attack. If the proper policies and organizational procedures were in place, perhaps it would not have been as dramatic for Sony. 2. What people, organizational, and technology factors contributed to these problems? Contributing to these problems was management’s unwillingness to spend the appropriate amount of money on the needed software to ensure security, the lack of training of their employees, almost non-existent procedures, and outdated software. With proper management and procedures in...

Words: 334 - Pages: 2

Premium Essay

Business Fraud

...were filed against Sony Corporation for the theft of user data from the PlayStation game network. The lawsuits accuse Sony of negligence and breach of contract for allowing the personal data of more than 100 million on-line video game users to be compromised (Tauriello, 2011). A hacker stole the names, birth dates and possibly credit-card numbers for millions of people who play online videogames through Sony’s sne in Your Value Your Change Short position PlayStation console. This could rank among the biggest data breaches in history. Sony is being criticized for not alerting customers in a timely manner of the possibility that their personal information may be compromised. The main control issue in this case was the lapse of security. Sony was attacked in a number of areas including their website, network, and gamming platform. Several security problems began simply by entering specific searches in Google. Cyber investigators identified numerous loopholes in various pages from Sony websites that were exposed to being exploited. The Java security console alone was easily accessible on several web pages. This provides access to underlying functions of the website including information. This is normally unavailable on a secure website server. The information extracted from this negligence could be used to access servers, databases, and other security resources. In this case, it seems that the hackers essentially could have accessed any technology within the Sony infrastructure that...

Words: 867 - Pages: 4

Free Essay

Assignment 4: Internet Technology, Marketing, and Security

...someone outside of that business relationship between the business and the consumer interferes, or hacks, that information flow. An entire industry has been created to protect that information flow from being “hacked”. In 2011, Sony went through what is known as the largest security breach in history. The breach affected 77 million PlayStation Network users, 24.5 million users of Sony Online Entertainment and many more customers across the nation. All this was caused, according to Sony, by an “outdated database from 2007” (Lina, 2011). Assignment 4: Internet Technology, Marketing, and Security In 2011, there were more than 300 corporate security breaches. Sony, Citigroup, and Morgan Stanley Smith Barney are among the major firms that have reported to their customers that they have been hacked (Mintzer, 2011). Hacking is continuously happening to companies all over the world. Sony Corporation is a leading manufacturer of audio, video, game, communications, key device and information technology products for the consumer and professional markets. With its music, pictures, computer entertainment and on-line businesses, Sony is uniquely positioned to be the leading electronics and entertainment company in the world. Sony Corporation was founded on May 7, 1946. The headquarters is located at 1-7-1 Konan, Minato-ku, Tokyo 108-0075, Japan. Its corporate executive officers include Howard Stringer, Chairman, and Kazuo Hirai, President and CEO. The...

Words: 1284 - Pages: 6

Premium Essay

Lalalala

...Case Study Questions 1. List and describe the security and control weaknesses at Sony that are discussed in this case. The case discusses the main security and control weaknesses at Sony which allowed a breach of their network. Sony, at the time of the breach, did not make security and control a top priority. Some of the security weaknesses noted in the case study includes the fact that Sony was using an older version of software (Apache Web Server) which had known security issues. This impaired the security of their firewall, allowing hackers to get in. As for control weaknesses, there were obviously not the appropriate policies or organizational procedures in place, since Sony did not know what information was stolen from their servers, the fact that it took days for Sony to inform their customers of the breach immediately shows a lack of training of their management and staff and also Sony’s delay in shutting down all of their servers at the point when they learned of the attack. If the proper policies and organizational procedures were in place, perhaps it would not have been as dramatic for Sony. 2. What people, organizational, and technology factors contributed to these problems? Contributing to these problems was management’s unwillingness to spend the appropriate amount of money on the needed software to ensure security, the lack of training of their employees, almost non-existent procedures, and outdated software. With proper management and procedures in place...

Words: 333 - Pages: 2

Premium Essay

Business Fraud (Sony Corp.)

...Sony Corp. Systems and Information Breach A Review of Business Fraud   Abstract This paper explores the Sony Corp hacking case committed in April 2011, with the use of five published articles that support a review of business fraud against the company. The paper will include the following requirements: 1. A summary of a case study and include how the fraud was perpetrates, the characteristics of the perpetrators who committed the fraud, the role the auditors had in the case, and the direct and indirect effects the incident had on the organization’s stakeholders (customers, vendors, employees, executive committee, and board of directors) 2. Suggestions and rationalizations concerning the fraud classifications and that the case can be categorized into (based on the data processing model) will be presented 3. Suggestions regarding the types of controls that may have been in place at the time of the violation 4. Recommendations of two (2) types of controls that could be implemented to prevent fraud in the future and additional steps management can take to mitigate losses. 5. Judgment concerning the punishment of the crime (was it appropriate, too lenient, or too harsh) and whether the punishment would serve as a deterrent to similar acts in the future. The assignment will take the Sony Corp. systems fraud case and attempt to evaluate the different approaches and techniques that are used to commit, detect, and prevent computer fraud. Control and security concepts...

Words: 1487 - Pages: 6

Free Essay

Sony Play Station Security Breach

...Sony Play Station Security Breach It is almost impossible to find the top reasons why most security breaches happen on a secure network compromising hundreds to thousands of users’ personal information. To protect a network and thoroughly secure confidential information, one has to examine the top vulnerabilities and think outside of the normal box to protect it. When a security breach happens, there is usually a pretty simple reason why it has happened. I will discuss one of the highly publicized security breaches to happen in years, the Sony PlayStation Network & Qriocity music and video service, what caused the breach and how this could have been prevented. On April 27, 2011 more than 70 million customers of Sony’s PlayStation Network and Qriocity music service received a disturbing email saying that everything the company knew about them including where they live, when they were born, their logins and passwords, and possibly more information had been hacked into. On May 2, 1011, a week later, a second security breach occurred on a different Sony network. The Sony Online Entertainment Networks was targeted and compromised 24.6 million users. Of that number, 12.3 million had their credit card information stolen. Lastly 2,500 user’s names and addresses were leaked from the electronics division of Sony creating a third incident. A total of three security breaches in three weeks amounted in over 100 million users having their personal information stolen makes customers’...

Words: 584 - Pages: 3

Premium Essay

Sony

...Case Study Questions 1. List and describe the security and control weaknesses at Sony that are discussed in this case. The case discusses the main security and control weaknesses at Sony which allowed a breach of their network. Sony, at the time of the breach, did not make security and control a top priority. Some of the security weaknesses noted in the case study includes the fact that Sony was using an older version of software (Apache Web Server) which had known security issues. This impaired the security of their firewall, allowing hackers to get in. As for control weaknesses, there were obviously not the appropriate policies or organizational procedures in place, since Sony did not know what information was stolen from their servers, the fact that it took days for Sony to inform their customers of the breach immediately shows a lack of training of their management and staff and also Sony’s delay in shutting down all of their servers at the point when they learned of the attack. If the proper policies and organizational procedures were in place, perhaps it would not have been as dramatic for Sony. 2. What people, organizational, and technology factors contributed to these problems? Contributing to these problems was management’s unwillingness to spend the appropriate amount of money on the needed software to ensure security, the lack of training of their employees, almost non-existent procedures, and outdated software. With proper management and procedures in place...

Words: 493 - Pages: 2

Free Essay

Sony Reels from Multiple Hacker Attacks

...Introduction The case that is discussed in this paper is Sony Reels from Multiple Hacker Attacks. The paper will touch different points regarding this case. One of the interest points refers to the Sony PSN debacle and the costs of the incident. Another interest point refers to gaming and virtual services over the Internet, such as WOW, SL, and Sony PSN. The paper also focuses on catching hackers and sentencing them (whether or not they should be). Another point of the paper is to discuss whether or not it is good for companies not to admit when there is a data breach within their system. The last point of discussion refers to a personal example of identity theft. Sony Reels from Multiple Hacker Attacks According to International Business (2011), the last time that Sony's Playstation Network has been attacked was in May 2011 because multiple users have reported complaints to the company. There has been more than $1,200 stole from the accounts of the users. This may not be a large sum of money, but it is something. Anyway, security experts consider that this company is sill vulnerable to cyber attacks from all over the world. Sony PSN has been hacked several times during its history. There are gaming and virtual services over the Internet like the World of Warcraft, Second Life, and Sony's PSN. Each of these services are paid and the companies store credit information online. In order to be protected and to protect the information of their consumers, these companies need...

Words: 738 - Pages: 3

Premium Essay

Ipad's Security Breach

...iPad’s Security Breach Samantha Phillips Dr. Prakash G. Menon BUS 508: The Business Enterprise May 29, 2011 Justifying Hacking into a Web site In 2010, McDonald’s said that customer information was exposed after a security breach involving an email marketing managing firm. McDonald’s released a statement explaining that information was obtained by an “unauthorized third party”, but added that financial information and social security numbers were not part of the data accidentally exposed. (Security Magazine, 2010) A security breach exposed iPad owners including dozens of CEOs, military officials, and top politicians. They, and every other buyer of the cellular-enabled tablet, were vulnerable to spam marketing and malicious hacking. The breach, which came just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised. In fact, it is believed 114,000 user accounts were compromised, although it's possible that confidential information about every iPad 3G owner in the U.S. has been exposed. (Tate, 2010) Earlier this year, the names and e-mails of customers of Citigroup Inc. and other large U.S. companies...

Words: 3288 - Pages: 14

Premium Essay

Yumyumyum

...Due to the breach, organizations (including Sony) should be subject to stricter corporate guidelines and expected to act in a socially responsible manner. Sony’s troubles were compounded by the global financial crisis, its financial, accounting and managerial have also been placed under the spotlight. News Paper: Sun Herald Article: Hit Back at Network breach Author: Lauren Farrow Date: April 27th 2011 Link: http://www.heraldsun.com.au/news/more-news/sonys-playstation-network-hacked-leaving-up-to-77-million-exposed/story-fn7x8me2-1226045466699 In recent years Sony has gone through some tough times. From the lofty heights as market leader in the early 2000s, to loss after loss, error after error late in the decade. If a business is to remain a success and to continue as market leader, it cannot afford to become comfortable with current business practices. It needs to continually look forward at new ways to be socially innovative, so too should it aim to socially responsible within the industry. It needs to closely monitor current trends and patterns within the market if it has any hope of surviving. With a plethora of different management options, the right approach should not be taken lightly, for Sony and its current problems, the systems thinking approach will be recommended. Being a global brand, it was impossible for Sony to avoid the effects of the global financial crisis. A combination of a few poor decisions along with some environmental factors put Sony on the back...

Words: 2211 - Pages: 9

Free Essay

Internet Technology, Marketing & Security

...customer information at purchase. Product information Sony actively uses customer feedback to improve its products. Opinions, reports of defective products, inquiries about using products and other feedback received through Customer Information Centers are reviewed and submitted to planning and design groups so that improvements can be made (Product, 2011). Sony established the Quality Hot Line in 2003, to gather product quality-related information, including reports of problems, as well as opinions from Sony Group employees. Employees can send messages regarding quality-related matters. The Quality Hot Line proposes and introduces measures to prevent previous problems from recurring and precluding potential new problems (Product, 2011). Sony has established dedicated quality management organizations in each of its business divisions. The headquarters' quality management and technology experts gather weekly and share quality issues among them. They are also responsible for monitoring the effectiveness of responses, ensuring they are consistent and help expedite Sony's quality improvement efforts (Product, 2011). Corporation’s Contact Information Questions and suggestions to Sony can be made based on which division you need to deal with. There are links for each division on their website to make contact. Messages can also be posted on social network sites such as Facebook and Twitter (Sony, 2012). These areas provide assistance by country and offer...

Words: 1581 - Pages: 7