Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lawsuit Claims Sony Canned Security Staff Just Before Data Breach

Posted by Soulskill on from the perhaps-a-lesson-has-been-learned dept.

Stoobalou writes "A lawsuit filed this week suggests that Sony sacked a group of employees from its network security division just two weeks before the company's servers were hacked and its customers' credit card details were leaked. The suit, which seeks class action status, is being brought by victims of the massive data breach that took place in April."

3 of 99 comments (clear)

  1. 2 weeks by Aladrin · · Score: 5, Insightful

    Like 2 weeks was enough to cause the massive problems Sony had. Hah.

    No, more like, Sony found out they were incompetent and was firing them for that. Too little too late, obviously.

    And what should have Sony done, when they realized they weren't secure? Shut down their entire business for months until they could hopefully secure things?

    I'm not pulling 'months' from nowhere, either. Sony's Japanese PSN is still down while they secure it because the government won't let them bring it back up.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    1. Re:2 weeks by hey! · · Score: 5, Insightful

      We're speculating here, and it's easy enough to cast the fired guys as villains or victims depending on what you want to imagine.

      In the universe where they're victims:

      That the security breech occurred so soon after these guys were fired is far from proof that they were incompetents. Two weeks is plenty of time for key systems to be mis-configured by a replacement who doesn't understand what's going on, or to fail to perform some important maintenance task like applying a critical security patch. It is also possible that the attack ought to have been detected and contained, but there was nobody left who knew how to do that.

      In the universe where they're villains:

      That the security breech occurred so soon after these guys were fired suggests they failed to secure the system, or were in fact actually malicious themselves. Two weeks would not be enough time to fix much after you fired them.

      In any conceivable universe:

      It would be stupid fire all your security guys for incompetence without bringing in replacements *first*. Even if these guys are incompetent, they know details that their competent replacements will need to know, and which are probably not well documented. Not knowing these details would set the competent replacements back far enough that they might take several more weeks to get things locked down properly.

      Being prepared before you give the old team the boot goes even if you have *malicious* network guys. If management knows its job, they get the security tiger team AND the legal team AND the computer forensics team ready for action before the evil admins realize anyone's on to them. Then one morning the admins find themselves locked out of work and subpoenaed, and the systems all shut down damn the cost until the new security team say it's kosher to open for business.

      In the universe we actually live in:

      As yet we know very little about how the security disaster happened, and have no idea whether the events mentioned in the lawsuit are relevant at all.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  2. Re:So they sacked them too early by tjkwentus · · Score: 5, Interesting

    Or too late

    Or the sacked were involved in the breach.

    --
    Shameless self-plug: http://nerdramblings.com (my blog)