SC Magazine reports that Sony has experienced a third breach in as many weeks. This one is NOT as serious as either of the previous breaches, but if you are a Sony customer, it is still worth knowing about.
It appears that Sony found an old server from 2001 that was setup to gather sweepstakes entries, still connected to the Internet. The data on that server involved the personal information of 2,500 sweepstakes contestants according to Reuters, which first reported the news. The data did not include credit card, Social Security numbers or passwords. Enough intelligence is present to launch a significant spam and fraud campaign using email, snail-mail and phonecalls, though.
Sony has announced that as a result of these recent breaches, it plans to deploy software monitoring and configuration management tools, increase encryption, improve intrusion detection capabilities, and add new firewalls. In addition, the company plans to hire its first-ever chief information security officer.
I hope that position resides in the GTA of Ontario, Canada. I happen to know a guy…