Closing the book on the 2011 Sony PlayStation data breach?

Following the data breach at TJ Maxx in 2007, I still remember the Sony data breach of 2011 as a landmark occurrence in the world of security and cyber threats.

At the time of the initial incident, in which hackers stole as many as 77 million accounts, it was speculated that the intrusion originated with a system administrator falling prey to an email-borne attack and ultimately having his system compromised. From there, attackers sought out and stole personal information from account holders. Sound at all familiar?

Further, back in 2011, there was no real sense of how much the breach would cost Sony. However, over time some of those costs have materialized:
· Almost $400k levied by the UK (and ultimately agreed by Sony)
· $2.5m paid to cover plaintiff legal fees as part of a just-announced class action settlement
· A range of credits to Sony PlayStation members (we will see if a dollar amount gets reported in the public filings)

To name a few.

And obviously these pale in comparison to the costs mentioned already in relation to the breach at Target Corporation.

With significant security incidents seemingly accelerating in the years since that Sony breach, we continue to urge organizations to take a coordinated rather than knee-jerk approach in addressing sophisticated cyberthreats. Our recommended decision framework can be found here and we welcome your input.

Copyright © 2014 IDG Communications, Inc.