How to respond to a data breach without doing any good

Sony can't seem to figure out how to stop getting pwned

By  

If whoever cracked Sony open this far takes things one step further they'll be getting corporation information from Sony corporate servers before Sony executives do.

The attack was launched not from outside, but from an application server within Sony's network that was already protected behind a web server and two firewalls.

Successful hacks always chop away some of the confidence customers have in the company that was hacked.

If they handle it well, that confidence can be rebuilt.

Sony handled it really, really badly.

Keeping the attack secret for more than a week, giving few details at first about what had been hacked and what kind information had been lost, and assuming a few free offers, a couple of apologies and announcing it had hired a new chief of security were all good steps.

But the CISO job is new, which just emphasizes the low priority Sony put on security before its giant online services were cracked wide open.

The WSJ quotes Sony execs as saying the hackers "may" have taken 12,700 credit-card numbers from customers outside the U.S. and 10,700 U.S. bank account numbers from an "outdated database from 2007."

Not much consolation there, I think.

The FBI is investigating the attacks. Congress is investigating Sony.

Sony says it's cooperating with both investigations, but won't testify.

It is posting too-little, too-late notices and warnings to customers on the Playstation and SEO networks.

Somehow it doesn't seem as if anything it's done so far or has announced plans to do is going to either improve security much, or rebuild the confidence of customers that giving a credit-card number to Sony is any safer than just emailing it to the return address on unrequested email from the former finance minister of Nigeria.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question