The IT mistake that could cost Sony $1.5 billion

It’s never good press for a company when customer records are stolen. And it’s even worse when it turns out the breach could have been prevented by avoiding a basic IT mistake.

At the end of April, Sony’s online PlayStation Network was accessed by hackers. In what was likely one of the largest Internet security breaches ever recorded, the accounts of up to 77 million users may have been compromised.

The group of hackers taking responsibility for the attack claims they have 2.2 million credit card numbers they are planning to sell to criminals.

Experts estimate that cleaning up after the breach may end up costing Sony $1.5 billion.

While most businesses aren’t large enough to experience a breach on quite this scale, the incident does illustrate the costs — including a damaged reputation and lost customers — of leaving customer data unprotected.

How did the breach occur? According to recent congressional testimony, unpatched and outdated software was largely to blame.

According to Dr. Gene Spafford of Purdue University, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which “was unpatched and had no firewall installed.”

That’s a powerful lesson for IT about keeping all systems up to date. It can be tough to get money allocated for upgrades, but pointing out the trouble Sony is in should help you make your case.


  • Marlon French

    “It can be tough to get money allocated for upgrades, but pointing out the trouble Sony is in should help you make your case.”

    I don’t see how the above could have affected Sony considering that Apache web server software is open sourced. I also wouldn’t be surprised if Sony is using Linux (CentOS) to run their web servers. As far as I’m concerned there was no reason for Sony’s IT department to not have upgraded the server software to the latest version. To me, this smacks of incompetence.