Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Sony PlayStation Breach: A Case Study on Security Breaches

Verified

Added on 2023/05/31

AI Summary

This presentation discusses the Sony PlayStation breach in 2011, which resulted from unauthorized access of data. It covers the consequences of the breach, customer response, and ways to prevent such incidents. The breach affected the PlayStation Network, online gaming service, and other platforms, resulting in a loss of $171 million. The hackers accessed private and sensitive customer data, such as names, email IDs, and login credentials. The breach could have been prevented by implementing a comprehensive strategic framework for IT security and risk management.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Sony PlayStation
Breach

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

 Security breach is basically an event that results from
an unauthorized access of data, applications, networks
or devices by way of bypassing the underlying securities
mechanisms.
 Nowadays, not only business organizations but also the
individuals make use of internet technology in their
routine life to a great extent and as a result of which
they share their private, confidential and sensitive
information on e-platform where there are high risks of
security breaches.
Security Breaches

 The issue of cyber securities has become quite
common and frequent in today’s world due to
heavy reliance on the internet. During the last few
years large number of incidents has taken place
where massive security breaches were reported.
The PlayStation breach at Sony is the classic
example of securities breach that occurred in April
2011 [3].
Security Breach at Sony

 The PlayStation network breach at Sony was
the outcome of some external intrusion of its
PlayStation Network (PSN) with the aim of
stealing the important customer data of Sony.
 When the PSN servers were hit by the Denial of
service attacks (DoS), the criminals of the said
security violation accessed the servers illegally.
The security team at Sony was busy in dealing
with the DoS attacks and hence they could not
recognize the intrusion on time.
Introduction

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

 It was identified by the forensic team that the attackers
had exploited a flaw in some of the Sony’s software and
deployed aggressive tactics and techniques to obtain the
network access by the illegitimate ways so as to boost
their network privileges.
 Additionally, they used sophisticated techniques to
conceal themselves from the network administrators,
such as deleting the log files.
How the breach occurred?

 On April 19, when various servers at Sony were rebooting even
without the scheduled program, the company had discovered
the fact that the data centre of the company which is located at
San Diego was hacked by some anonymous hackers who had
accessed the unauthorized data of the company that was kept
at servers of its PlayStation Network (PSN).
 It stole data from77 million users accounts of PSN server and
from the 24.5 million user accounts of Sony Online
Entertainment.
Identification of Breach

 Between the period of April to May in 2011, not only the
PlayStation Network of Sony but also various other
platforms such as the online gaming service of Sony
computer entertainment and Qriocity which was the
streaming media service of Sony along with Sony online
entertainment, the developer and publisher of Sony’s in-
house game were attacked by LulzSec that was the
unidentified hacker group [4].
Other affected Services

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

 Shutting down the systems after the
discovery of threats had caused Sony a
substantial cost.
 As compensation the company had to offer
free services to its customers for several
days along with the additional free month
subscription.
 Apart from this, the company had to also
provide its customers the services in
connection of identity theft protection.
Continued…

 Between the period of April to May in 2011,
not only the PlayStation Network of Sony but
also various other platforms such as the
online gaming service of Sony computer
entertainment and Qriocity which was the
streaming media service of Sony along with
Sony online entertainment, the developer and
publisher of Sony’s in-house game were
attacked by LulzSec that was the unidentified
hacker group.
Consequences of breach

 It was reported by Kazuo Hirai, the
chairman of Sony Computer
Entertainment America LLC., that the
hackers had rummaged through
various private and sensitive customer
data such as their names, e-mail IDs,
date of births, the account login IDs
and passwords and the online IDS.
 As the credit card data of the
customers was encrypted it could not
be hacked by the intruders. However,
the other data was encrypted at the
time of security breach [2].
What Information was hacked?

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

 Due to the sophistication of the security
breach incident, Sony and the team of
forensic consultants hired for the
investigation of the breach took several days
to figure out and confirm the actual extent of
data loss happened at the company.
 The online service facilities at Sony were
kept inactive during the period from April 20
to May 15, 2011 for the purpose of securing
the breach [1].
Period of inactivity:

 The loss out of the massive breach was estimated
to be around $171 million which included the cost
of business loss and the cost related to responding
to the breach such as identification and fixation of
breach, notifying different subscribers and network
up-gradation [4].
 However, the said figure of loss did not include the
cost of actions against the law suits filed by the
customers of the company. There was also a decline
in the share prices of the company in the market
when the news of data breach at Sony came out.
Loss on account of PSN breach

 As the company did not announce the news of
stealing of their customer data till the date of
26th April, 2011, it was highly criticized by its
customers.
 Customers as well as the regulators have
always called for the transparency from the
companies whenever a breach like Sony
PlayStation breach occurs. However Sony
failed to meet this expectation and on
account of this it had to face serious criticism
in legal and other business terms.
Customer’s Response to the
breach news:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

 The company officials were called up by the US IT law regulators
and imposed heavy fines on the company for not having the
adequate systems of data securities, in place.
 As per Shinji Hasejima the CIO at Sony, the breach has occurred in
the web application service platform of Sony PlayStation Network.
 The said vulnerability was a known one and could have been
avoided if proper measures of data security were undertaken on
time [2].
Could the breach be prevented?

 The IT security and risk managers at Sony
should have adopted and implemented a
comprehensive strategic framework to protect
the data of its customers throughout the life.
 The said framework suggests that the IT risk
managers must ask themselves few questions
well in advance [1]. These questions relates to
following areas:
How could the breach be
prevented?

 Governance:
Who will take the accountability to protect the data
assets of the business?
How will the company’s top management ensure
that the accountable person has proper access to
the required resources and information?
 Risk Management:
What are the possible data security vulnerabilities at
Sony and what could be the possible impacts of the
same?
What information must be safeguarded at the top
priority?
Continued…

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

 Integrity Security:
How the security investments shall be prioritized so
as to minimize the risk of overall risk profile?
 Incident Management:
How a security breach, which if materializes, would
impact the company?
How could the impacts of the breach be
minimized?
 Continuity Planning:
If the operations of the company are disrupted,
how long will it take to resume the normal business
operations?
Continued…

 If the above discussed framework was
implemented properly, Sony could prevent
the occurrence of PSN breach to some
extent. However, it is a general fact that
even after the application of best securities
measures the cyber crime incidents cannot
be prevented completely [2].
 The other ways that could prevent the PSN
breach could be:
Continued…

IT security framework
Source: https
://www.strategyand.pwc.com/media/file/Limiting-the-impact-of-data-
breaches.pdf

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

 Sony must have had deployed proper
security software to protect the endpoints,
the software and other security related
technology had updated regularly.
 Further, it must have applied more
advanced measures such as network
intrusion detection or/and penetration
testing.
 The corporate communication at Sony must
have been encrypted.
Continued…

 Even the strongest securities measures
could not completely protect Sony.
 Thus, the impact of the breach could have
been reduced if there was an adequate
system of contingency plan to act
proactively.
 Further, the information of data loss must
have been communicated on the earliest
basis.
Ways to reduce the impact of
incident

 [1]Fortune. “Why Sony didn't learn from its 2011 hack”. Available at:
http://fortune.com/2014/12/24/why-sony-didnt-learn-from-its-2011-hac
k/
[Accessed on: 24.11.2018], 2014.
 D. Riedel. “Could the Sony breach have been prevented”? Available at:
https://www.scmagazine.com/home/opinions/could-the-sony-breach-ha
ve-been-prevented/
[Accessed on: 24.11.2018], 2015.
 Reuters. “Sony PlayStation suffers massive data”. Available at:
https://www.reuters.com/article/us-sony-stoldendata/sony-playstation-
suffers-massive-data-breach-idUSTRE73P6WB20110427
[Accessed on: 24.11.2018], 2011.
 Tech Target. “FAQ: What is the Sony PlayStation Network security
breach's impact”? Available at:
https://searchcompliance.techtarget.com/tutorial/FAQ-What-is-the-Son
y-PlayStation-Network-security-breachs-impact#cost
[Accessed on: 24.11.2018], 2011.


References:

1 out of 22

+13062052269

info@desklib.com

Sony PlayStation Breach: A Case Study on Security Breaches

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Sony PlayStation Security Breach and IT Security

Sony 2011 Data Breach

Sony PlayStation Data Breach Analysis

Sample Assignment on Cybercrime PDF

Cyber-Attack on Newark City Hall Computers and Sony PlayStation Outage Case

Computer Security Breaches