On April 26th, Sony disclosed an “external intrusion” on its systems between April 17 and 19 that affected its PlayStation Network and compromised credit card data, email addresses and other personal information from 77 million user accounts. On May 2nd, Sony said personal information — but not financial details — from an additional 24.6 million online gaming accounts also may have been stolen. Now it appears that Sony may have thwarted a third attack this past weekend.
The Washington Post writes that CNET posted advance warning of a third attack planned by the same hacker group. By monitoring an Internet Relay Chat channel the group uses, an informant was able to tip CNET to the possibility, and Sony used this information to ward off the planned 3rd attack.
The failure of Sony’s server security has ignited investigations by the FBI, the Department of Justice, Congress, and the New York State Attorney General, a well as data security and privacy authorities in the U.K., Canada, and Taiwan. In this Huffington Post article, a Sony executive is quoted as saying the data breach that hit Sony’s PlayStation Network resulted from a “very carefully planned, very professional, highly sophisticated criminal cyber-attack designed to steal personal and credit card information for illegal purposes.”
Sony originally expected some of its services to be restored last week but has now pushed back that deadline to an unspecified date. Bloomberg reported that although Sony missed its initial deadline to restore some services, it still plans to have the full network restored by May 31.
With so much mainstream news coverage in print, online, and on the TV, network security has leapt to the top of most IT Directors’ minds. With an obligation to protect customers’ proprietary data coupled with the need to protect the company’s own data and intellectual property, security has never been more important. Add the need to allow mobile and remote access for customers, business partners and employees, and the scope of the issue increases exponentially. Bottom line – NOW is the time to evaluate and tighten your organization’s data protection policies.