[MBA] Sony: The World's Largest Data Breach?

[MBA] Sony: The World\'s Largest Data Breach?

1.    List and describe the security and control weaknesses at Sony that are discussed in this case.

2.    What management, organizational, and technological factors contributed to these problems?

3.    What was the business impact of the Sony data losses on Sony and its customers?

4.    What solutions would you suggest to prevent these problems?


Sony PlayStation Service was one of the most popular game station for online gamers. It have 130 servers across the globe. On the year of 2011 some hackers did a trick and get control over the server and stole information. Below are some weakness of Sony that contributed for the security breach:



The great security attack on Sony PlayStation Service is not an accident. It was an organized, well planned and studied approach to get control over the system. The hackers knew more about the PSN system than the Sony's technical guys.


Management Factors

The management fails to make appropriate decisions to upgrade the system. The management should have prior knowledge of how the hacking attempt was taking place in the world. Not only that being management isn't a simple thing, they should have proper decision making capacity. Spending few bucks on secure and updated system could save our customers head so that our company will be stable.


Organizational Factors

The organization is eco-system of entire management technical person and the customers too. The customers on their behalf too must have been aware of possible security threat and should have taken safety measures. The organization being mostly popular on online gaming should have taken minimal security features. The organization should have goal of not only expanding market but on the quality and security of service provided.


Technological Factors

The outdated system software used by Sony Company helped the attack. The database system was not properly secured by encryption measures. The system is not even intelligent enough to trace out what confidential data are stolen. The log file was deleted means the file permission is not set properly. I think the great theft is not performed in a flash. So they should have some alert feature to let the management and concerned authorities.



 For a company like Sony that have high customer belief and daily customer engagement, shutting a system for few hours mean a very high level of customer dis-satisfaction and diversion. The impact can be listed below:



Sony, if analysed and investigated the great attack thoroughly would find the possible weakness and the dark side of their system. The report could suggest preventive measures which may include but not limited to: