Sony Security Breach

On April 19, 2011, Sony figured out that their own PlayStation Network had been compromised. The next day, they decided to shut down the server without disclosing information about the breach. The next day after that, Sony claimed that they were still looking to the cause of the shutdown of the server. They also released a post on the PlayStation blog in Europe that one of the causes of the incident could have been a security breach by an unknown third party. They eventually released a statement, admitting that "An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned

Sony believed that Anonymous, an activist group based around hacking, were responsible for the data breach. Anonymous has denied involvement in this incident. Sony has been reluctant in revealing how exactly the hackers broke into their servers. Earlier that year, the encryption on the PS3 had finally been cracked. Sony made legal threats against the group that decrypted the PS3 and Anonymous criticized them for it. This is the most likely reason Sony blamed Anonymous for the hack. A claimed “chat log” from the hackers says that they had an easy time breaking into the server removing the encryption. The hackers also claim in the “chat log”, that they believe that Sony has gone too far with their data collection methods, even claiming that they were not legal (Stuart and Arthur 2011). According to Shinji Hasejima, the Chief Information Officer (CIO) at Sony, claims that hackers took advantage of a “’known vulnerability’” in the web application server platform used at the PSN.” Altogether, it seems that hackers concerned with Sony’s rampant data collection methods decided to take action and broke into the servers. They were able to break in so easily due to the existence of a preexisting hole in the security of the server.
The hackers compromised of the personally identifiable information of 77 million user accounts. This included information such as addresses, usernames, passwords, purchase history, security question answers, and credit card details (Stuart and Arthur 2011). The direct costs of the breach were over $171 million, but the financial analysts at Sony claimed that the indirect costs totaled $1 billion. These indirect costs come from expected brand damage and loss of good will (Hoehle and Browns