Sony Corp. (6758), besieged by hackers since April, considered its PlayStation Network an unlikely target even after threats by the online collective Anonymous and three separate security incidents in 2008.
The hacker group declared in April that it would wage a cyber war against Sony for trying to stop people from tinkering with the PlayStation 3. Three years earlier, the company faced three breaches in Europe, including one in which Sony said some PlayStation Network user data might have been stolen.
The repeated incidents should have warned Sony its online network was vulnerable, said Eugene Spafford, a computer science professor at Purdue University in West Lafayette, Indiana. The failure to enact safeguards such as appointing a single chief of security may show Sony misunderstands the risks inherent in Chairman and Chief Executive Officer Howard Stringer's networked strategy, he said.
"The evidence we've seen so far speaks to a lack of a good data management plan and a good security plan," said Spafford, who specializes in information security, computer crime investigation and information ethics.
Japan's Ministry of Economy, Trade and Industry said today it told Sony to carry out preventive measures against data breaches, instructed the company to ease customer concerns over misuse of credit cards and share more information among affiliates.
Sony has struggled to keep up with the barrage that started in mid-April. The Qriocity and PlayStation Network entertainment services were knocked out for almost a month, compromising data in more than 100 million accounts.
In the past week, the Tokyo-based company has been hit with smaller intrusions -- a breach at online-service unit So-net Entertainment Corp. (3789) led to the misuse of user names and passwords of 128 customers. This week, Sony shut web pages that were targeted in Greece, Canada, Thailand and Indonesia.More
Great website to make big money online.