New Lawsuit Alleges Sony Ignored Warnings, Fired Security Staff - HotHardware
New Lawsuit Alleges Sony Ignored Warnings, Fired Security Staff

New Lawsuit Alleges Sony Ignored Warnings, Fired Security Staff

It's been several months since the massive hack that brought the PlayStation Network to its knees. For Sony, the nightmare isn't over. A new lawsuit filed this past week alleges that the company ignored the warnings of its own staff, made no attempt to address the small break-ins now seen as precursors to the huge assault that followed, and actually fired security personnel immediately prior to the break-in.

There are numerous allegations. The company is accused of lavishly upgrading its own corporate security while neglecting to safeguard consumer information. This last is an established fact--while Sony remains the genuine victim of an attack, the company's external-facing servers were running outdated security software with known flaws. There were actually two significant incidents—77 milion accounts in North America and Europe were accessed in April, while an additional 25 million accounts were lifted on May 2.

The suit doesn't name how many SOE (Sony Online Entertainment) employees were laid off, but notes that the number was a "substantial percentage." If the suit is accurate, Sony may end up looking worse than it aready does. Unlike the data breach, which we didn't think would cause long-term harm, a case that demonstrated corporate suits were only concerned with patching security flaws on the corporate side of the equation really *could* leave a bad taste in customers' mouths.



As much as this news could make Sony's lousy PR situation even worse, we suspect Sony's decision to fire some portion of its security personnel had remarkably little to do with the success of the two hacks in question. Some of the flaws in Sony's security system had existed for quite some time and would only have been fixed by changes to corporate policy as opposed to simply having more cooks in the kitchen. In the absence of intelligent IT policy, the best security gurus in the world can do little more than watch a disaster unfold.

The plaintiffs in the case (Felix Cortorreal, Jacques Daoud Jr, and Jimmy Cortorreal allege that Sony should have known that a larger breach was imminent based on the smaller attacks that occurred in the preceding weeks. If the judge agrees with this line of reasoning, Sony's faiure to secure its network (and the firing of a section of staff) could look very bad indeed. On the other hand, technical data on the nature of the attacks could actually help exonorate the company. We can safely assume that the externally facing servers of the PSN were banged on by would-be attackers on a fairly regular basis. It's one thing to say a company failed to recognize/respond to a small-scale test of a large-scale tactic. Whatever attacks occurred prior to the Big One, they may or may not be connected.
0
+ -

Man, Sony cannot catch a break now can they?

First their system gets hacked, then their other system gets hacked, then their email list for their movies gets hacked and now a lawsuit?

I don't see how Sony is ever going to regain the customer's trust after this.

0
+ -

>> Man, Sony cannot catch a break now can they?

Karma's a @#%$^!

0
+ -

WTF Sony, this does not surprise me at all and I tend to believe what this article states. Personally I would not doubt if a class action suit is brought against them depending on what comes to light due to this current law suit. I have no doubts that Sony was negligent the question is how severe it was.

0
+ -

... so they fired the people that gave them a warning this could happen? WOW Sony is just getting pretty dam low there.

+1
+ -

geez Sony ..pure incompetence is one thing. sheer stupidity to terminate those to safeguard consumer information is another. All the while making sure your corporate was well-maintained and protected.

It's seems to me that they are likely to spend quite a bit and possible amend policy to attempt to salvage whatever media image they have left. More like Sony did not want to bother.

No longer would I ever trust any statements from them.

It's obvious to me that the only rat's a** Sony is concerned about is there's ..and it really stinks.

0
+ -

hahaha glad i never bought sony stock!

and I'm glad I never wasted a penny on a sony product.

0
+ -

That picture is classic LOL.

0
+ -

I'm not too surprised by the lawsuit and expect more lawsuits to come in the future. I'm also not too surprised by Sony's decision to upgrade corporate security while neglecting to secure its consumer network. I am surprised by the company's decision to fire security staff after so many warnings.

If the firing of security staff was part of a cost cutting move to help save the company money, then I suggest firing the Chief Information Officer and his immediate staff. I know doing that would not resolve the crisis at Sony, but it will play well for Sony's PR by creating a scapegoat.

0
+ -

I too expect more lawsuits to come of this breach in the future. I don't envy Sony's PR folks! They have their work cut out for them!

Login or Register to Comment
Post a Comment
Username:   Password: