
Sony Hack Caps Recent String of Security Horror Shows

Sony is just the latest in a string of security screw-ups that have impacted millions of people in the past two months.

Sony's massive security breach impacting as many as 100 million of its customers is just the latest in a string of corporate security gaffes in recent months that have left customers vulnerable to financial fraud and identity theft. Lax security has impacted a large number of corporations, institutions, and even computer security firms recently. Here's a breakdown of some of the more sensational (and sensationally stupid) security breaches.

Sony isn't the only company in recent weeks to end up with digital egg on its face.

Epsilon's Greek Tragedy

Epsilon, the world's largest permission-based e-mail marketer, endured an attack in late March that exposed names and e-mail addresses saved in the customer databases of many well-known companies such as JPMorgan Chase, Capital One, Marriott Rewards, McKinsey Quarterly, US Bank, Citigroup, Ritz-Carlton Rewards, Brookstone, Walgreens, The College Board, and the Home Shopping Network (HSN). Epsilon has more than 2000 corporate customers and is responsible for more than 40 billion marketing e-mails every year on their behalf.

Lab Hack

The Oak Ridge National Laboratory was hacked in late April. The federal lab, funded by the U.S. Department of Energy, works on a variety of projects including energy matters and, not so reassuringly, computer security. Hackers were only able to steal a "few megabytes" of data before the lab shut down Internet access to employees to deal with the hack. The lab said the hack was the result of what security experts call an "advanced persistent threat" (APT). Which is a fancy way of saying several employees opened an e-mail and clicked on a malicious link. Oak Ridge was also hacked in 2007, and withstood an earlier attack in 2000.

An Oopsie the Size of Texas

In late March, the State of Texas Comptroller's Office mistakenly exposed the social security numbers, names, birth dates, driver's license numbers and addresses of 3.5 million people. The private information came from members of the Teacher Retirement System of Texas (TRS), the Texas Workforce Commission (TWC) and the Employees Retirement System of Texas (ERS). The government office said the unencrypted data sat on a publicly available server for nearly a year by mistake. Oops.

RSA (Not So) SecurID

In March, security firm EMC notified users that one of its companies, RSA, was the target of an "extremely sophisticated cyber attack," referring to it as an APT. The attack had the potential to compromise the security of RSA's two-factor authentication product, SecurID. But the company said the attackers would need additional information from RSA customers to carry out a widespread attack. It was later reported that RSA's "extremely sophisticated attack" consisted of someone opening a malicious Excel document containing a zero-day exploit of Adobe Flash.

E-mail Foul

One security screw-up straight out of left field comes courtesy of the New York Yankees. In late April, a customer service representative for the Bronx Bombers accidentally sent out the personal details of 18,000 season ticket holders to a newsletter mailing list. The details were reportedly attached to the bulk e-mail as a spreadsheet, which begs the question, "how does a lowly customer service representative have the power to access or compile a spreadsheet filled with customer data?" And, more importantly, would this have happened to the Red Sox?

Sorry State of Sony Security

Sony recently revealed that its Sony Online Entertainment network, used for massively multiplayer online games such as EverQuest and Star Wars Galaxies, was the victim of an online intrusion. Making matters worse is the news that as many as 12,700 credit card numbers may have been stolen in the second Sony break-in. The SOE hack follows the highly publicized shutdown of Sony's PlayStation Network and Qriocity music service after the company detected an "external intrusion."

Connect with Ian Paul ( @ianpaul ) and Today@PCWorld on Twitter for the latest tech news and analysis.

