Sony Victimized by High-Tech ‘Bank Robbers’

The closer you look, the uglier it gets. More evidence about the Sony hacking has emerged. Apparently, Sony Online Entertainment (SOE) was part of the target when the Sony PlayStation Network was hacked. SOE handles online multiplayer games.

The SOE hacking was part of the Sony breach in mid-April that left the PlayStation Network down for the past two weeks, when hackers grabbed data from as many as 70 million accounts. Sony said some features of PlayStation Network will come back online within the next week.

Sony originally believed that SOE customer data was not part of the hacking attack. Then on May 1, Sony concluded that SOE was also compromised by the attack and acknowledged the breach. Stolen information includes name, full address, email, gender, birth date, phone number, user name and hashed password. The newly revealed enormity of the breach adds 24 million customer accounts to the total.

An outdated 2007 non-U.S. Sony customer database may also have been accessed. The database contains 12,700 credit or debit card numbers and 10,700 European direct-debit records listing bank account numbers.

Sony says it has taken action to minimize further damage. The company has temporarily turned off all SOE game services, strengthened security procedures, and hired a security firm to investigate. Sony again recommended that customers be wary of credit card, phone and email fraud and keep a watchful eye on accounts and credit reports.

Another Blow to a Wounded Sony

While Sony’s early response to the hacking was slow, it now seems willing to quickly disclose more information about the full scope of the breach.

“It’s disappointing that data the company had thought was safe was apparently exposed and stolen,” Charles King, principal analyst at Pund-IT, told the E-Commerce Times. “At the same time, Sony should be commended for its transparency in going public with obviously embarrassing and painful information.”

The long-term consequences for this fiasco cannot be determined until the dust settles. It’s possible that Sony could uncover more evidence of hacking instances — or it could get hacked again.

“It’s hard to say how destructive this news could be for Sony until we know the full extent of the exposure and damages customers suffered,” said King. “The security breach at TJ Maxx was considered to be among the worst of all time, yet the company’s business doesn’t seem to have been severely affected.”

It is difficult to pinpoint what legal implications could come into play, said King. That depends in part on how much fraud occurs due to the compromised data.

“The chain of evidence proving a specific injury to a particular consumer resulted from the breach seems highly complex,” said King. “That probably won’t prevent someone from filing a class action suit, though.”

Honesty may be Sony’s best policy at this point in containing the damage.

“Sony can help pull itself back up by being honest about what’s happened and clear about what they’re doing to fix it and ensure that it doesn’t happen again,” said King. “Provide some sort of balm to the customers affected — a sizable credit on the online entertainment sites could be attractive.”

The company can bounce back, in King’s view. Security breaches are not that out of the ordinary — but this is a big one.

“These problems aside, the company continues to make terrific products and has a solid brand,” said King. “Additionally, the drumbeat of security lapses, even among firms people considered safe and reputable, has been so constant that I fear stories about ongoing security disasters are turning into white noise. That’s lousy news for consumers but is probably comforting to the companies involved.”

Big-Time Digital Heist

Sony reportedly will be thanking loyal PlayStation Network users by giving them a free choice from a selection of games and a month free of PSN+, an upgraded version of the network. This could help Sony to start mending its customer relationships.

“I think what we’re seeing with Sony is the modern equivalent of the bad PR banks used to get from bank robberies,” Carl Howe, director of anywhere consumer research at the Yankee Group, told the E-Commerce Times.

“A bank that was robbed would typically lose several thousand dollars, but would spend months, if not years, recouping its reputation for keeping money safe,” he noted. “Sony’s PlayStation Network and now Sony Online Entertainment have just experienced their ‘bank robbery’; it will take months, if not years, for them to rebuild their brand.”

This was not an easy feat for the hackers. It takes some technical acumen to do this level of damage, especially to a company the size of Sony.

“I used the term ‘bank robbery’ deliberately because the attack on Sony wasn’t just a school kid trying to hack into their gaming network,” said Howe. “It was a sophisticated, in-depth attack planned by a group who had deep technical skills and knew what they were after. The attackers came equipped with the technical equivalent of diamond drills, high explosives, and boring machines to get inside Sony’s digital assets, and the criminals had not only getaway cars, but a distribution network for the stolen credit cards that is the equivalent of 18-wheelers to dispose of the stolen loot. This was a professional operation, and they attacked Sony because it offered them the biggest haul for the least effort. And unless the crooks are caught, they won’t be the last targets either.”

More by Rob Spiegel