Hackers struck Sony again, exposing 93,000 accounts, illustrating the impact and challenges hacking has created for businesses’ management of sensitive data.
Sony suffered another breach from October 7 to 10, when hackers matched valid sign-in IDs and passwords for accounts on the PlayStation and Sony Entertainment Networks, as well as Sony Online Entertainment services.
The Tokyo-based company said credit card details remain uncompromised and adds it has temporarily locked all affected accounts. Sony is notifying affected users who may have been victims of a mass phishing attack.
Sony’s quick response to this latest hack differs greatly from its tardy approach after its first major attack in April, which compromised over 100 million users’ accounts. The company waited for nearly one week before it informed people of the breach, which may have affected 32,000 credit and debit card accounts.
Sony drew criticism not only for keeping silent but also for failing to shore up its security systems against further attacks that continued through June. International lawmakers derided the company while it faced lawsuits from customers angry at its failure to protect their personal information.
Even after the Japanese company finally restored its systems after nearly three months in July, its home country refused to allow Sony’s PSN service online, citing security concerns.
But Sony may have learned its lesson, as this month’s attack saw the company jump to disclose the breach as the matter of data breaches becomes the subject of pending legislation.
“We were able to move swiftly, and we believe very few accounts were actually accessed,” said Satoshi Fukuoka, a spokesman for Sony.
Fukuoka also confirmed Sony is stepping up its vigilance against hacks, including adding firewalls and system monitoring software to its online services.
Sony faces challenges ahead, however, as it loses consumer credibility with each hack and cannot afford more losses at a time when the company is already bleeding profits.
Sony has had a difficult year, with the Japan earthquake in March disrupting supply lines, the streak of hacks in spring and plunging TV sales. In fact, 1.6 million flat-panel displays were discovered to have defects that may cause them to smoke or melt, prompting Sony to offer free repairs worldwide.
The struggling company may also need to shape up its security defenses to comply with pending government regulations dictating how business should handle breaches.
Sen. Richard Blumenthal’s (D, Conn.) proposed “Personal Data Protection and Breach Accountability Act of 2011″ would require companies like Sony to securely store customers’ data at the risk of paying $5,000 per day up to $20 million per infringement. Sony’s hacks were even pinpointed by lawmakers as why legislation is necessary to combat a rising tide of hacks against businesses.
“The Sony data breach has become a poster child of why we need this law,” Blumenthal said. “We were working on this legislation well before that data breach occurred, but Sony is a good example of why this law should exist.”
Sony may have difficulty working to restore consumer confidence and complying with future laws mandating it protect users’ information. Its quick response to this latest hack, however, is a first step on what looks to be a long road.