There has been a lot written about the Sony breach lately, some of it factual, some of it comical (see SNL’s cold open on Saturday). But all the news can basically fall into one of 3 categories: 1. The hack of Sony, apparently by the North Koreans. 2. Sony’s lack of regard for data security, which is damningly apparent by Sony’s own emails, which were revealed by the hacks. 3. The unsung victims of the hack, whose private information has forever been revealed. While anyone can see humor in #1, as one member of the group of unsung victims, making fun of our plight is really unnecessary.
My spouse and I have always been aware of the need to keep private information private and we practice what we preach. My spouse, however, is a former Sony employee and, at one time or another, 6 people’s social security numbers (5 + my spouse) were provided to Sony for the purpose of their life and/or health insurance benefits. My spouse was nowhere near being included on the list of highest Sony earners that was one of the earliest releases by the hackers.
When my spouse left Sony, there was no need for Sony to keep any of their beneficiary information. Sony did so. Sony could have and should have encrypted all current and former employee data and keep it off the normal network and on a more secure network. It is apparent Sony did not follow state of the art practice regarding data security. Sony has had multiple breaches, including their PlayStation network in 2010 and a breach, which may have been a dry run, of a network in Brazil earlier this year. Regardless as to whether this was a foreign government, a really smart 11th grader or the Second Coming who hacked Sony, Sony’s data security practices point to negligence.
What has this meant for us? We have changed every login and password. We have put “two-step” verification on everything we could. Still, hackers have attempted to get into two of our accounts on multiple occasions; we know this because the two-step authentication was activated. We have evidence that social security numbers have been stolen, sold and are being used.
Sony’s answer to all of this is to provide us with AllClearID, for free, for 12 months. AllClearID has told us we are safe; however, we spent hundreds of dollars on Lifelock and that has painted a different story. We believe this will play out over years, not months. For every Sony employee who had minor children as beneficiaries, those kids “virgin” social security numbers are valuable because it will be years until fraud might be detected. What is Sony doing for the real victims – the people who had no control over their data and who were just showing up and doing a job to help one of the premier entertainment companies earn profits – in the long term? We look forward to finding out answers.
So please – make fun of Kim Jong-Un all you want, but understand that some of your friends and neighbors are unwitting victims and if they are smart, they are doing everything they can to protect themselves.
0 nhận xét:
Đăng nhận xét