Sony allegedly covered its own back against hackers, but did very little for its customers.
A class action lawsuit relating to the attacks on Sony Online Entertainment has alleged that Sony not only didn’t do enough to project customer data, it actually cut down its security staff, even though it knew that it was potentially at risk.
The suit suggests that Sony had experienced a number of smaller breaches prior to the attack in May, in which nearly hackers gained access to the user information for nearly 25 million user accounts. Apparently, this prompted Sony to install new firewalls to protect its own sensitive data, but not the data of its customers. What’s more, according to a witness, Sony apparently axed a lot of security staff when it downsized more than 200 staff back in March.
If these allegations are true – and “if” is the key word here at the moment – it could mean very bad things for Sony. It’s one thing to have vulnerabilities in your network, but it’s another to know that they’re there and do nothing to protect your customers from having their details stolen, while simultaneously getting rid of staff that might have been able to prevent the attack, or at least help minimize its effects and help protect SOE’s customers.