Sony Data Breach

In: Business and Management

Submitted By tniemann23
Words 3014
Pages 13
Sony Pictures Data Breach
In this paper I am going to be talking about all aspects of the data breach Sony Pictures experienced starting in early November 2014. As you would expect a data breach is a very serious issue especially for big corporations such as Sony. This data breach all started on November 24th, 2014 when Sony realized they were becoming a victim of a high profile studio wide cyberattack. A cyberattack is when a company has unauthorized people or computers accessing protected files and information. For a big corporation like Sony you can imagine this caused a big uproar and got the public’s attention. The cyberattack was traced back to a group that called itself #GOP or the Guardians of Peace. This group of hackers is supposedly from North Korea which does not makes this situation any better. There were a number of things Sony was worried about be accessed, such as unreleased movies, employee information, customer information, and other sensitive material. The first step of this hacking process involved GOP illegally acquiring a valid digital certificate from Sony. After gaining access to the company from this certificate, GOP was then able to release a malicious software called Destover, which sneaks into the systems and takes over, giving access to the data. After that Sony’s next move was to immediately blacklist that copy of the digital certificate, so if it were to be used again it would be flagged as malware and not allowed passed the other security measures. While Sony has currently curbed the cyberattacks there is no way for them to get back the hundreds of terabytes of data already stolen. What happened next was devastating for Sony Pictures. There were a number of unreleased films leaked such as, Annie, Fury, Mr. Turner and Still Alice. Employee salaries, company passwords, other sensitive information, and IT related information.…...

Similar Documents

Data Prevention Breach

...6 StepS to prevent a Data Breach For companies that have critical information assets such as customer data, intellectual property, trade secrets, and proprietary corporate data, the risk of a data breach is now higher than ever before. To monitor and protect information from hackers, malicious and well-meaning insiders, organizations should select solutions based on an operational model for security that is risk-based and content-aware. Here are six steps that any organization can take, using proven solutions to significantly reduce the risk of a data breach. 1 2 3 4 5 6 Stop incurSion By targeteD attackS The top four means of hacker incursion into a company’s network are through exploiting system vulnerabilities, default password violations, SQL injections, and targeted malware attacks. To prevent incursions, it is necessary to shut down each of these avenues into the organization’s information assets. Core systems protection, IT compliance controls assessment automation, and endpoint management, in addition to endpoint, Web, and messaging security solutions, should be combined to stop targeted attacks. iDentify threatS By correlating real-time alertS with gloBal intelligence To help identify and respond to the threat of a targeted attack, security information and event management systems can flag suspicious network activity for investigation. The value of such real-time alerts is much greater when the information they provide can be correlated......

Words: 642 - Pages: 3

Security Breach

...Running Head: SECURITY BREACH Security Breach faced by Sony Corporation Introduction In the global marketplace, to attract the customers and provide relevant information to the customers, internet is used by most of firms as a promotional tool. In this, web-sites, social networking sites, etc. are used by the firms to communicate with the customers. Although, many security tools and techniques are used by the firms to secure the data of firm and customers, yet, some security breaches are also faced by the firms due to technical advancement. For this paper, Sony Corp. is selected that has faced security breach. Sony Corporation is a multinational firm that operates its business in global market and belongs to Japan and produces electronic products for the customers (Sony Corp. Info, 2011). There will be discussion about products information, contact information, internet marketing strategies, privacy policy of the firm, etc. Evaluation of Website Sony Corporation provides whole relevant information on the website of the firm about its products, services, etc (Sony Corp. Info, 2011). Areas that are evaluated for the firm are as follow: Product information: Sony Corporation has developed its website effectively that attracts the customers to purchase products. The firm provides all relevant information about the products on its website. Additionally, the firm also has made a list of its products that includes various categories of......

Words: 1807 - Pages: 8

Health Care Data Breach

...Health Care Data Breach The Pentagon is under a lot of pressure because one of their contractors for health care had a data breached. The data breach affected as many as 4.7 million people. The person that was affected was solders, their family members, and other government employees. The contactor of health care is TRICARE which is a pentagon run health insurance program. The data breached was caused by a pentagon contractor leaving 25 computer tapes in the back seat of a Honda civic in Texas. These tapes were stolen out of the car. One person affected by the data breach was Carol Keller. She noticed some unauthorized purchases on her accounts and was later informed by letter titled “urgent” of the data breach and the possible of her data being used. Carol Keller since has joined a dozen others in a class-action lawsuit seeking unspecified damages. According to paper filed in federal court this not the first time this contractor has had issues with data being breached. There are several groups of people all of the country filing lawsuits across the country. Lawmakers and privacy specialists say that the pentagon has a poorly designed health care system that the pentagon relies on contractors that has outdated computer equipment to house and transport health care data. Representative Edward J. Markey was quoted as saying that “the bottom line is that people in charge of safeguarding our service members’ personal data need to be transition from the 20th century...

Words: 361 - Pages: 2

Sony: the World’s Largest Data Breach?

...PlayStation Network is used by Sony game machine owners to play against one another, chat online, and watch video streamed over the Internet. The largest single data breach in Internet history was taking place. On April 20, Sony engineers discovered that some data had likely been transferred from its servers to outside computers. The nature of the data transferred was not yet known but it could have included credit card and personal information of PlayStation customers. Because of the uncertainty of the data loss, Sony shut down its entire global PlayStation network when it realized it no longer controlled the personal information contained on these servers. On April 22, Sony informed the FBI of the potential massive data leakage. On April 26, Sony notified the 40 states that have legislation requiring corporations to announce their data breaches (there is no similar federal law at this time), and made a public announcement that hackers had stolen some personal information from all 77 million users, and possibly credit card information from 12 million users. Sony did not know exactly what personal information had been stolen. The hackers corrupted Sony's servers, causing them to mysteriously reboot. The rogue program deleted all log files to hide its operation. Once inside Sony’s servers, the rogue software transferred personal and credit card information on millions of PlayStation users. On May 2, Sony shut down a second service, Sony......

Words: 293 - Pages: 2

Target Data Breach

...What exactly happen? Over 40 million credit cards and debit cards that were swiped at a US Target store may have been exposed. The stolen data includes customers’ names, credit card debit card numbers, expiration date and the security code. What was the impact from this happening? The Impact from the data breach was customer information was stolen and card numbers. What was the monetary loss? Each cards that was stolen was taken 18-37 dollars out of each card stolen. Target lost 46 percent in profit after the data breach. Target will spend 200 million on costs of to credit unions and banks for reissuing 21.8 million card to customers. The hackers stole 53.7 million us dollars for the cards stolen. According to Target it will spend 100 million upgrading their payment terminals to support chip and pin enabled card. What was the negative publicity? The negative publicity is Target customers lost their trust to target and didn’t feel safe going back to shop at Target. There has been over 90 lawsuits against Target since the data breach last year from customers and banks for negligence and compensatory damages. How did it happen? A few days before thanksgiving a hacker installed malware in Targets security and payment system designed to steal every credit card used at any US stores. Event time the customer swiped the card it would capture the numbers and stored it on a Target server commandeered by the hackers. Six months earlier the company began installing a......

Words: 441 - Pages: 2

Anthem Health Data Breach

...Anthem Health Data Breach Could Compromise PII of 80M Date February 5, 2015 Hackers allegedly broke into Anthem, Inc.’s database last week, potentially compromising the personal information of approximately 80 million former and current customers, as well as employees, according to multiple reports. The information potentially compromised includes names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses, according to a statement from Anthem president and CEO Joseph Swedish posted on the company website. Employment information, some of which included income data, might also be at risk in the Anthem health data breach.2014-11-13-163188459 “Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised,” Swedish said. “Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.” Swedish added that the personal information of Anthem employees, including himself, were also compromised in this data breach. It was a “very sophisticated external cyber attack,” according to Swedish, and despite Anthem’s best efforts and “state-of-the-art information security systems” its IT system was breached. “We join you in your concern and frustration, and I assure you that we are working around the clock to do......

Words: 1389 - Pages: 6

Data Breach

...employers in all 50 states, with products and services targeted specifically to small, mid-sized and large multi-site national employers”. (Kirk, 2009) Aetna is one of the leading health care companies. The last thing a big company with millions of members need is a data breach case. But unfortunately “On May 28, 2009, Aetna Insurance contacted 65,000 users to let them know that their personal data may have been compromised”. (Kirk, 2009) After tons of emails sent out the customers asking for their personal email, Aetna was finally alerted that something was going wrong. This would be a 2nd data lost incident, after an employee laptop was stolen back in 2006. According to Business Security, “Although the data theft took place between June 2004 and October 2007, On May 1, 2009, LexisNexis disclosed a data breach to 32,000 customers”. (Kirk, 2009) As many scammers seem to do the thefts set up fake post office boxes, causing an investigation for the USPS. Scammers are usually smart and seem to find a great way to get around the system and began to hack, as far as Aetna case the scammers retrieved the customer’s emails from the website. Could the breach been prevented? After a hack or scam has been done, everyone wants to point a finger at two of the people or person to blame, but in cases like this who can you really blame? Well According to The federal information Security Management Act (FISMA);......

Words: 623 - Pages: 3

$55 Million Dollar Data Breach at Choicepoint

...$55 Million Dollar Data Breach at ChoicePoint Abstract Personal data breaches have become epidemic in the U.S. where innocent citizens sensitive information is being left unprotected and subsequently disseminated between hackers. ChoicePoint is an organization that is a premier data broker and credentialing service in the industry. The company was guilty of failing to fulfil their own policy of thoroughly evaluating prospective customer organizations which resulted in a major breach. The source of this failure will be evaluated as well as possible solutions. The punishment and repercussions will be evaluated for appropriateness and the reactions of the organization will be scrutinized for potential effectiveness. The root cause of the ChoicePoint data breach stemmed from the organizations failure to enforce their own policy of verifying the legitimacy of customers. The direct failure involved an inadequate background check which provided hackers with customer accounts. The hacker’s then utilized the accounts to illegally access databases and steal confidential data. There is a personal-data-loss database that contains data on regarding more than 900 breaches in the U.S. which is made up of more than 300 million personal records. Analysis of this database illustrated that 81% of the breaches were committed by malicious outsiders. This value relates specifically to records that were vulnerable to being stolen by identity thieves. Further this value......

Words: 1067 - Pages: 5

Home Depot Data Breach

...Home Depot Data Breach Background on the 2014 Home Depot Data Breach Home depot was the target of a cyberattack on their information system infrastructure that lasted from April of 2014 to September of 2014. As a result of the attack and following data breach, 56 million credit-card accounts and 53 million email addresses were stolen. (“Home Depot Hackers Exposed 53 Million Email Addresses”) The cyberattack involved several steps. First, the attackers gained third party credentials allowing them into the system. Next they exploited an unknown weakness in the system that allowed for the attackers to elevate their own access privileges. Finally, they installed malware on Home Depot’s self-checkout systems in the U.S. and Canada, allowing for the data to be stolen. Because this was a multistage attack, there were several stages of failures. While this shows that there were multiple lines of defense, the fact that there were multiple failures as well is a large issue. It demonstrations that even with multiple lines of defense Home Depot was still not adequately protected. The first failure was that the attackers acquired credentials from a third party vendor. This may not have been Home Depot’s fault directly, but there are still governance processes they could’ve employed to prevent it. Once the attackers were in the system they exploited yet another vulnerability that allowed themselves to elevate their access rights. The third vulnerability that was exploited was the lack......

Words: 2954 - Pages: 12

Data Breach Research Papaer

...reliability. If an individual or a group wants to breach information, they will almost always find a way. With the increasing need for information databases, businesses have to weigh the risks of hacks. When an individual allows their information to be stored in a database, with or without their knowledge they are at risk. When this information enters the database, it becomes the business's responsibility to protect this information. With the amount of sensitive data being stored in databases, current cyber security measures and laws are not up to par. Infamous Data Breaches In 2015, there were 781 data breaches according to the Identity Theft Resource Center (ITRC). One of these infamous breaches being with Anthem, otherwise known as BlueCross BlueShield insurance company. In this breach, hackers stole over 80 million social security numbers and other sensitive information of customers was obtained by the hackers. Similar to Anthem, Target experienced a breach. However, this breach was considerably worse. From November 27 until approximately December 15, hackers stole nearly 70 million credit card numbers from Target’s database. This security breach is widely known, as it happened during prime retail season for Target. This breach opened the public's eye to the cyber flaws. However, not all hackers involve the theft of financial information. In 2014 another breach occurred, with the internet giant eBay. Fortunately, this breach only involved the theft of names, addresses,......

Words: 1455 - Pages: 6

Data Breach

...Data Breaches Threats and Vulnerabilities IT/200 Reba Sanford Finding out information has been compromised or even the idea can be extremely alarming. Data breaches happen every day and numerous people are affected. When a breach happens, it could affect consumers, companies, and employees as well as individuals using online services at home. There are several types of breaches and it is very important to protect people from all of them. Internal attacks are the most frequent and easiest attacks because people already have access to the data. As a company, it is important to make sure that passwords used within the facility are updated frequently. Upon terminating an employee, a company should terminate all of the ex-employee’s access to existing networks. Another way a company experiences data breaches is by allowing unsecured mobile devices to access their network. Public access to a company’s networks raises a lot of risks. When devices access the network, it weakens the security of the network including passwords and secured accounts. The same thing applies to people in their homes. Home networks allow you to secure a connection by using a password. However, when outside parties are allowed access to the network, it becomes more vulnerable. It is important to filter the information that you send over a network. When making online orders or purchases at home, it is probably best to use a prepaid debit card versus one linked to an actual bank account. Also, online......

Words: 683 - Pages: 3

Data Breach Assignment

...Aftab Khan IT120 Cybersecurity Principles Assignment 3 Due by 2pm, October 29 (Thursday) Data breaches happening in healthcare can cause severe damage. This assignment looks at different sets of data submitted to the Department of Human Services whenever a breach affects 500 or more individuals. ( You have each been assigned a “filter” to research and assess. For the filer you are assigned, make a report that includes the following information: 1. Describe the web site and the policy/legislation under which the organization is required to report their breaches Department of health and human services, office of civil rights websites, where as required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. These breaches are now posted in a new, more accessible format that allows users to search and sort the posted breaches. 2. Describe how the organization must file their report. Includes brief summaries of the breach cases that OCR has investigated and closed, as well as the names of private practice providers who have reported breaches of unsecured protected health information to the Secretary. 3. Name of the filter designated. 2015 4. How many breaches did you identify as a result of the filter There are about 223 breaches for 500 or more. 5. Select one result that catches......

Words: 562 - Pages: 3

Sony Play Station Security Breach

...Sony Play Station Security Breach It is almost impossible to find the top reasons why most security breaches happen on a secure network compromising hundreds to thousands of users’ personal information. To protect a network and thoroughly secure confidential information, one has to examine the top vulnerabilities and think outside of the normal box to protect it. When a security breach happens, there is usually a pretty simple reason why it has happened. I will discuss one of the highly publicized security breaches to happen in years, the Sony PlayStation Network & Qriocity music and video service, what caused the breach and how this could have been prevented. On April 27, 2011 more than 70 million customers of Sony’s PlayStation Network and Qriocity music service received a disturbing email saying that everything the company knew about them including where they live, when they were born, their logins and passwords, and possibly more information had been hacked into. On May 2, 1011, a week later, a second security breach occurred on a different Sony network. The Sony Online Entertainment Networks was targeted and compromised 24.6 million users. Of that number, 12.3 million had their credit card information stolen. Lastly 2,500 user’s names and addresses were leaked from the electronics division of Sony creating a third incident. A total of three security breaches in three weeks amounted in over 100 million users having their personal information stolen makes......

Words: 584 - Pages: 3

Ais - Nasdaq Data Breach

...Running head: Business information breach - NASDAQ data breach Business information breach - NASDAQ data breach In 2011, NASDAQ Stock Market operations found "doubtful files" on its U.S. computer servers. There was no verification that the hackers entered or obtained customer information or that of parent corporation NASDAQ trading policies. The FBI along with exterior forensic associations helped carry out the investigation, despite the fact, NASDAQ OMX did not say when it was launched or when the apprehensive files were established. These files were recognized in a web application called Directors Desk. The search, which is ongoing with the help of securities supervisors, comes as investors are becoming progressively more anxious over the dependability and sanctuary of the rapid resource markets, which in North America and Europe are now more often than not online. NASDAQ Group, which runs equity and underlying assets, currency trade in the United States as well as European countries, did not give information on the hackers or on what they were up to. (Mathew J. Schwartz (2011) The breach under consideration relates to NASDAQ Directors Desk, a detailed communication system to assist board members. The company says the solution is used by over 10,000 directors around the world. It's almost impossible to establish where it comes from, however the powers that be are tracking it. The hackers were competent to set up malware that permitted them to spy on the......

Words: 1401 - Pages: 6


...Case Study Questions 1. List and describe the security and control weaknesses at Sony that are discussed in this case. The case discusses the main security and control weaknesses at Sony which allowed a breach of their network. Sony, at the time of the breach, did not make security and control a top priority. Some of the security weaknesses noted in the case study includes the fact that Sony was using an older version of software (Apache Web Server) which had known security issues. This impaired the security of their firewall, allowing hackers to get in. As for control weaknesses, there were obviously not the appropriate policies or organizational procedures in place, since Sony did not know what information was stolen from their servers, the fact that it took days for Sony to inform their customers of the breach immediately shows a lack of training of their management and staff and also Sony’s delay in shutting down all of their servers at the point when they learned of the attack. If the proper policies and organizational procedures were in place, perhaps it would not have been as dramatic for Sony. 2. What people, organizational, and technology factors contributed to these problems? Contributing to these problems was management’s unwillingness to spend the appropriate amount of money on the needed software to ensure security, the lack of training of their employees, almost non-existent procedures, and outdated software. With proper management and procedures in place...

Words: 493 - Pages: 2