Sony Data Breach

Note: This article is hosted here for archival purposes only. It does not necessarily represent the values of the Iron Warrior or Waterloo Engineering Society in the present day.

For decades, the concept of breaking into a computer network and stealing information has been a reality. However, most data breaches are limited to a small network belonging to a small company with little or no security department. Data breaches of tens of millions of people’s identities or financial information have been left to Hollywood movies such as Live Free or Die Hard. Sony, however, came to a shocking awakening when, during an internal audit, they found that tens of millions of people’s identity information had been stolen from their network.

At the end of April 2011, Sony announced that they had a major data breach involving the identity information of tens of millions of individuals. This number has since been clarified by Sony to around 77 million. That is twice as many people as the Canadian population! Some of these stolen records only include identity information, while others contain financial information. Not only is this one of the largest recent data breaches, but it also took Sony six days to admit that the breach had occurred. This would have, of course, given the person or group responsible for the theft enough time to use some of the stolen information. To make things worse for Sony, this breach happened on their PlayStation Network, the network used for the social and online multiplayer features of the PlayStation 3 gaming console. This is the market in which Sony has been trying to gain and keep market share against increasing competition from the Microsoft Xbox 360 gaming console.

Sony is now in rough shape. They are facing a large amount of criticism and increasing threats of legal action. The criticism is well-warranted due to the long delay in providing information to the public about the breach, and reports of inadequate data protection. Many countries, including Canada, have laws in place outlining the level of precaution that should be taken to secure the identity data of customers. Some analysts believe Sony has breached these laws. Fortunately, Sony appears to be making some smart decisions after the incident. The first of these decisions is keeping the PlayStation Network offline until they are sure that they have increased their security to a point of high confidence. The next important step they have taken is providing a complimentary identity theft insurance policy of up to one million dollars to all their users.

There have been some claims of financial fraud among those who have been part of the breach. However, it will be difficult to determine if these claims are legitimate, and even more difficult to prove that the Sony breach is the culprit behind the incident. Among 77 million people, occurrences of financial fraud from other sources will not be uncommon. Sony has made a claim of their own by blaming a group of hackers known as Anonymous for the breach. This group is known for their high-profile work supporting WikiLeaks and attacks on the Church of Scientology. The group claims that they are not responsible.

So, what is there to learn from what is currently happening with Sony? The answer to this question is that the Internet is not always secure. There are always going to be data breaches. And as long as stealing this information is profitable, large, organized crime will devote enough resources to breaking in. But don’t panic! Most companies put clauses in their usage agreements holding themselves accountable for breaches of your information. It is in their best interest to ensure breaches don’t happen, and to comfort users if breaches do happen. For example, the Royal Bank of Canada has a clause absolving the user of any responsibility if their computer and subsequently their online banking password become compromised. So, not only are they taking responsibility for breaches of their network, but they are also, within reason, taking responsibility for the security of a user’s computer.

So, yes, breaches happen, and they will happen again. But like driving, using the Internet will always be an acceptable risk. Make sure to wear your antivirus seat-belt snugly over your shoulder.
