Slashdot Mirror


Lawsuit Claims Sony Canned Security Staff Just Before Data Breach

Stoobalou writes "A lawsuit filed this week suggests that Sony sacked a group of employees from its network security division just two weeks before the company's servers were hacked and its customers' credit card details were leaked. The suit, which seeks class action status, is being brought by victims of the massive data breach that took place in April."


  1. https:// by TheNinjaroach · · Score: 3, Informative

    Fixes my ability to view Slashdot articles.

    --
    I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
  2. 2 weeks by Aladrin · · Score: 5, Insightful

    Like 2 weeks was enough to cause the massive problems Sony had. Hah.

    No, more like, Sony found out they were incompetent and was firing them for that. Too little too late, obviously.

    And what should Sony have done, when they realized they weren't secure? Shut down their entire business for months until they could hopefully secure things?

    I'm not pulling 'months' from nowhere, either. Sony's Japanese PSN is still down while they secure it because the government won't let them bring it back up.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    1. Re:2 weeks by zigziggityzoo · · Score: 4, Insightful

      Or - they were fired, and two weeks later hacked into the systems themselves.

      --
      Zing!
    2. Re:2 weeks by Anonymous Coward · · Score: 2, Funny

      And somewhere within the labyrinthine Sony Complex, seated at an empty conference table, Mr. Kato folds his hands. "Just as planned," he whispers.

    3. Re:2 weeks by Obfuscant · · Score: 4, Funny

      Well, Obama is literally a puppet, a mechatronic puppet; controlled by brainwaves from the fleet of orbiting spacecraft piloted by angels who protect us from the lizards. And....

      Much simpler and more nefarious than that. He receives his control messages from one or more visual cuing devices placed in front of him whenever he appears in public, which contain encoded messages for him to speak at the appropriate times.

      Humans, I mean we, call them 'teleprompters'.

    4. Re:2 weeks by hey! · · Score: 5, Insightful

      We're speculating here, and it's easy enough to cast the fired guys as villains or victims depending on what you want to imagine.

      In the universe where they're victims:

      That the security breach occurred so soon after these guys were fired is far from proof that they were incompetents. Two weeks is plenty of time for key systems to be mis-configured by a replacement who doesn't understand what's going on, or to fail to perform some important maintenance task like applying a critical security patch. It is also possible that the attack ought to have been detected and contained, but there was nobody left who knew how to do that.

      In the universe where they're villains:

      That the security breach occurred so soon after these guys were fired suggests they failed to secure the system, or were in fact actually malicious themselves. Two weeks would not be enough time to fix much after you fired them.

      In any conceivable universe:

      It would be stupid to fire all your security guys for incompetence without bringing in replacements *first*. Even if these guys are incompetent, they know details that their competent replacements will need to know, and which are probably not well documented. Not knowing these details would set the competent replacements back far enough that they might take several more weeks to get things locked down properly.

      Being prepared before you give the old team the boot goes even if you have *malicious* network guys. If management knows its job, they get the security tiger team AND the legal team AND the computer forensics team ready for action before the evil admins realize anyone's on to them. Then one morning the admins find themselves locked out of work and subpoenaed, and the systems all shut down damn the cost until the new security team say it's kosher to open for business.

      In the universe we actually live in:

      As yet we know very little about how the security disaster happened, and have no idea whether the events mentioned in the lawsuit are relevant at all.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    5. Re:2 weeks by skr95062 · · Score: 2

      this is /. WTF would anyone RTFA.

  3. Re:So they sacked them too early by tjkwentus · · Score: 5, Interesting

    Or too late

    Or the sacked were involved in the breach.

    --
    Shameless self-plug: http://nerdramblings.com (my blog)
  4. So? by 228e2 · · Score: 2

    It's not like they were in the middle of implementing a new security schema when they were let go. I'm pretty sure the fail of Sony to protect customer information occurred months before this.

    --
    Since when does being a Socialist mean 'someone who has a different opinion than me'?
  5. and now for something completely different... by space_jake · · Score: 4, Funny

    Those responsible for the sacking have also been sacked.

  6. Re:Termination Justified by JSBiff · · Score: 2

    Or, perhaps, they fired the people who tried to tell them the emperor has no clothes? Seems to me you are assuming an awful lot.

  7. Re:So they sacked them too early by Normal+Dan · · Score: 2

    Or the sacked were involved in the breach.

    This was the first conclusion I jumped to. There seem to be a few stories out there about disgruntled IT workers.

    Never put security in the hands of someone you're not paying very well. And never tell an IT worker they are being sacked until they are already gone and passwords have been changed.

    --
    A unique way to learn a language: http://languageloom.com
  8. Re:So they sacked them too early by ElectricTurtle · · Score: 4, Funny

    Those responsible for sacking have been sacked. They've all been replaced at the last minute at great expense by trained llamas.

    --
    I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
  9. Re:Are they responsible? by marcosdumay · · Score: 4, Insightful

    Maybe they were fired because they complained too much that Sony didn't care about security. Or that they upped that complaint to the CEO, who preferred the CIO version. Maybe they threatened to make the problem public and their boss didn't like it. Maybe they weren't seen as productive because they kept fixing things the entire day, instead of helping build new things, and were understaffed. Maybe the company didn't like the policies they tried to put in place, so not only didn't accept the policies, but also fired them (this option seems to be quite likely). Maybe they weren't competent enough to put some good security in place, but still dedicated enough to security so that they annoyed people. Or, finally, maybe they were justly fired for incompetence.

  10. Who cares why they fired them- I want Sony $$ by gearloos · · Score: 4, Interesting

    I could honestly care less why they sacked them. I just want something out of SONY. For the PS3 storing open text negligence, for taking away a feature I paid for (Linux- Other OS) and not giving a rat's ass about me, for the Rootkit they put on my system with no real punishment, for the liars that lobbied the Bluray to win over the far superior technology that was HDDVD, for well, "EVERYTHING SONY". For the rootkit alone, their senior staff should have been criminally prosecuted. If I was to put a rootkit on a SONY Server by giving an employee a cd to listen to at work, I'd certainly be in jail. The best part- I went to GTPlanet (for the Gran Turismo Game, GT5) after this and the damn Fanboi mentality of today is every post I saw that complained or said anything remotely bad was shut down by 100 posts saying Sony is such a great company for trying to rebuild everything and that it is so great they are looking out by telling everyone about it..blah blah blah I've had enough- Boycott these thieving asshats. I want my $0.99 from the Class Action Suit. It's almost as good as a company changing the law like Verizon and ATT with their "Unlimited" Plans that are actually 5GB or less.... Truth in advertising? But I digress... I only mention them because they are also tops up there on the list with Sony of companies that do what they please and collude but yet give lots of $$ to lobby their cause to a corrupt (or rather incompetent) judicial system.

    --
    "Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
  11. Re:But the question is why? by theshowmecanuck · · Score: 3, Informative

    There was a lawsuit a few years ago in the U.S. where precedent was set for Constructive Dismissal, a.k.a. Constructive Discharge. This is when a company makes it so unbearable to work there, the employee has to quit. This is treated as unfair or wrongful dismissal, and the employee can sue the company as such. I remember reading about this when I lived in the U.S. where a woman sued her former employer under this concept and won. From what I gather it is a good idea to talk to a lawyer before you quit if you are going to try this.

    --
    -- I ignore anonymous replies to my comments and postings.
  12. Re:So they sacked them too early by idontgno · · Score: 3, Informative

    Yup. Mexican Whooping Llamas are well known for their computer hacking skills and their nunchuku skills. Their magical skills are second only to Ligers.

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.
  13. Re:So they sacked them too early by Jah-Wren+Ryel · · Score: 3, Insightful

    And never tell an IT worker they are being sacked until they are already gone and passwords have been changed.

    That is terrible advice, especially the "never" part.

    There is a cost to treating employees that way - it promotes a pervasive culture of distrust within the company that can be extremely damaging. It tends to chase the best and brightest on to somewhere else where they feel more respected and encourages a punch-clock mentality among those who do stay.

    It isn't like a unilateral policy is a guarantee against sabotage anyway - it doesn't take a whole lot of brain-power for an off-balance IT guy to set up a dead-man's switch that will kick off a bunch of havoc unless he logs in to disarm it on a regular basis.

    Far better that managers should actually manage and determine on a case by case basis if the person being terminated requires exceptional handling or not.

    --
    When information is power, privacy is freedom.
  14. SONY and Meetings by Anonymous Coward · · Score: 2, Interesting

    I've worked at SONY, though not in the security group. To do anything, there were at least 10 meetings to "decide to do something" followed by another 20 meetings to decide "WHAT" to do. Often, the WHAT wouldn't be possible, because the doers weren't invited.

    SONY can spend lots and lots of money on things they believe will make them money and $0 on stuff that doesn't ... like security.

    Where I worked was filled with IBM-Japan running AIX systems. Half of these people were really sharp and the other half, well, not so much. I never met or heard anything about the Data Security team, but that wasn't my role while I was there, so it isn't surprising.

    SONY wasn't much different from any other large company that hadn't needed to worry about security previously. I bet going forward SONY will make a security review part of every project going forward. It will be a checklist item that leads to 15 other checklists.

    Pick any other consumer company, perhaps Emerson or Westinghouse. Do you think they have much real data security either?

  15. Re:So they sacked them too early by c0mpliant · · Score: 2

    Irregardless of whether the security team were watching logs or not, there seem to be fundamental failures of their security teams in terms of network infrastructure, design and implementation. Unless they were removed because they were making too much noise about replacing their entire network with a more solid security based design, I would say this was a good move. Their security team was clearly ineffective. From everything that has come out, it didn't need to be an inside job to have been done and some of the gaping holes that were left unchecked for years are (in some cases) absolute basic security principles.

    --
    There is no -1 disagree