Sony breaches and how to keep your data safe

Between charging a full $60 for a cosmetic console cover and revealing not one but two recent data breaches that compromised customer information, Sony hasn’t had the most flattering week. An ongoing Sony investigation into claims that a ransomware group called RansomedVC had accessed the company’s systems and planned to sell stolen data resulted in the discovery of unauthorized access to a server in Japan. Confusingly, RansomedVC has since shared a 2GB file supposedly containing stolen Sony data, and yet the file appeared to be undownloadable. It paints a very muddled picture of the incident.

Nevertheless, Sony’s second breach cannot be ignored. It takes us back to our old friend, the MOVEit hack, which has affected over 62 million people so far. Sony was one of the first of hundreds of organizations hit by that breach, where hackers downloaded files from its MOVEit platform. Sony disclosed that nearly 6,800 people were impacted by the ubiquitous breach. Although Sony hasn’t specified exactly what data was stolen beyond it being personal information, the fact that they are offering free credit monitoring and identity restoration services to impacted people shows how serious the issue is.

For those who have been impacted by this or other breaches, it is critical, once an organization alerts you to a breach of your sensitive data, to quickly ascertain just what information has been compromised.  After all, a breached entity isn’t necessarily required to share all the details.  Subsequent steps include examining and resetting your passwords, setting up two-factor authentication (2FA) for your accounts, which is a secondary layer of protection, and monitoring your credit cards and accounts.  Security experts recommend replacing the standard text-based 2FA with the use of an authentication app, since phone numbers are so easily exposed these days. 

Examining your old, inactive accounts is also beneficial, since they may contain still-active data like emails or passwords that hackers could swoop in and steal. And if these are accounts that you’ve all but forgotten about, all the better for the hackers.

For the organizations charged with protecting collected data, more substantial steps are of course required, both by consumer expectations and, more materially, by government regulatory requirements for compliance.  

Encryption of stored data is a critical part of the process. To that end, NetLib Security’s Encryptionizer product offers robust, transparent encryption for servers, applications, devices and legacy systems. With virtually no impact on performance or extra programming required, Encryptionizer assists with compliance standards and proactively protects sensitive data as a cost-effective solution.


By: Jonathan Weicher, posted on October 12, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security