It’s never good press for a company when customer records are stolen. And it’s even worse when it turns out the breach could have been prevented by avoiding a basic IT mistake.
At the end of April, Sony’s online PlayStation Network was accessed by hackers. In what was likely one of the largest Internet security breaches ever recorded, the accounts of up to 77 million users may have been compromised.
The group of hackers taking responsibility for the attack claims they have 2.2 million credit card numbers they are planning to sell to criminals.
Experts estimate that cleaning up after the breach may end up costing Sony $1.5 billion.
While most businesses aren’t large enough to experience a breach on quite this scale, the incident does illustrate the costs — including a damaged reputation and lost customers — of leaving customer data unprotected.
How did the breach occur? According to recent congressional testimony, unpatched and outdated software was largely to blame.
According to Dr. Gene Spafford of Purdue University, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which “was unpatched and had no firewall installed.”
That’s a powerful lesson for IT about keeping all systems up to date. It can be tough to get money allocated for upgrades, but pointing out the trouble Sony is in should help you make your case.