Good Example Of Sony Reels From Multiple Hacker Attacks Case Study



Sony Corporation is one of the leading manufacturers of electronic products with headquarters located in Konan Minato, Tokyo, Japan. The company evolved as Sony in 1958, when its first product, the TR-55 radio transistor was launched under this brand name. Ever since its inception, the company has been a leading name in the electronics industry and caters for consumer as well as professional markets. According to the 2012 list of Fortune Global 500, the company ranked at the 87th position. The Sony Corporation has four major business units which are divided as follows; Sony Electronics, Sony Motion pictures, andSony Music and Financial services. Due to the diversified portfolio within the electronics industry, Sony has been able to maintain a significant share of the entire electronics industry. For the purpose of the case study at hand, we would be majorly focusing upon Sony Computer Entertainment. The Computer Entertainment division of the company is responsible for the research and development at the company that is essential for a technological company if they want to stay ahead of market trends. The establishment of this division, Sony Computer Entertainment, was inaugurated on November 16, 1993, before the launch of a new product, Play Station.


The case at hand discusses the dilemma Sony was faced after multiple hacking of its systems and the loss of identity of its users to the hackers. This paper would overlook the different points which caused the hacking to take place and the consequences it had for the company. An interesting point which would be raised in the paper is in regard to the Sony Play Station Network debacle and the costs the company had to incur as a result. Adding on, other online video gaming services offered by WOW, SL and Sony PSN would be discussed and contrasted. Moreover, the issue of hackers and how to deal with such a situation would be discussed in this paper. It would outline whether hackers should be reprimanded and sentenced to the relevant punishment for their act or should the company take steps to prevent itself from such parties. Specifically in this case, it is important to highlight whether companies such as Sony who face a situation as described in the case should admit their fault or scapegoat a third party. The consequences of admitting there has been a security breach may be in favor or against the firm depending on how the problem is handled (Jung, Han, & Lee, 2001). Lastly, the paper would discuss a personal example of identity theft.

Underlying Principles

Growth of e-commerce
Technology has opened up greater avenues for businesses and customers both. People are more involved in doing business online because of the ease it provides. It is no surprise that this growth has led to a multitude of new business start-ups because of the low costs associated with setting up a business. Most companies that have begun online even pose as a competitive threat to many larger firms because they can customize their products. The technological industry is significantly determined by the trends in the market; therefore, if an e-commerce is adapted by organizations it would be their benefit in the long-run. Sony has had to face competition from other companies such as Microsoft’s Xbox. Xbox ever since its inception has provided intense competition to Sony’s PSN. Even though, Sony has updated the play station time and again in order to adjust it to the changing trends, but Xbox has been successful in capturing a part of the market that was once dominated by Sony Entertainment. The e-commerce industry is growing at a rate of 20 percent per year around the world, but this growth is slightly lower in America as compared to the European region (Benbast & Zmud, 2003).

Threat to Personal Security

Phishing is a common threat to online gamers. Similarly, gamers on the website of Sony were also prone to this threat. Hackers often obtain credit card and other private information of the gamer, by camouflaging it through a website that resembles a genuine source such as Citibank. The user may be threatened to lose their identity if they do not validate; thus, it seems like a genuine concern of the gaming website. Adding on, cheaters and fraudsters are common on gaming websites. These individuals may offer to help the serious gamer by offering them an attractive package. Eventually, it turns out that the gamer has become a victim to a scam and his/her personal information is leaked to the cheater or fraudster. Computers or smartphones are susceptible to malware viruses that may steal personal information from the user’s phone or computer. By sending a fake update, hackers may gain access to information that may be confidential and the user may become a victim to yet another scam and identity theft (Margulis, 2003).

Sony PSN debacle

The infamous attack on the security of Sony’s Play Station Network led to the company being imposed with a fine of as high as $400,000 and had to incur an additional cost of damage of approximately $171 million. This did not only have an impact upon the financial aspect of the company, but it was a huge dent on its credibility as a technological company. The company’s core strength lay in its ability to develop high-end technological products, yet they were unable to protect themselves from a security breach like this. Even though, Sony rejects the findings of ICO, but it is no more hidden truth that customers data was exposed to unknown hackers. The Deputy Commissioner and Director of Data Protection, David Smith, reported that when the company was aware that they were involved in handling credit card information of thousands of customers they should have had a stringent security system (Goss, 2013). Even though the company may have taken security measures, but they were flawed because the hackers were able to gain access to highly confidential information. There are no reported incidences where customer’s data may have been misused by any third party, but 9 percent of the users shifted to Sony’s competitors including Xbox. However, it was not later than October 2012 that Sony experienced another hacking event.

Protection of Private Information

It is essential for companies such as Sony to protect the information their customers provide. These large multinationals have credibility in the market, and customers are willing to trust them with confidential information because they believe it would be in safe hands. Companies such as WoW and SL take pride in the fact that they have millions of users all over the world. In order to maintain the trust of these millions of users, it is extremely important for these firms to ensure that they protect their user’s identities. However, regardless of the security measures taken by the organization it is difficult to confidently suggest that the system would be completely fool-proof (Dyck & Zingalis, 2004). The world has yet to fight against the best of hackers and enhance their security systems. In order to protect information as sensitive as credit card details, companies need to install firewalls that would protect them against malicious users. It is not an option for companies such as Sony to install firewalls, rather it is a necessity if they want to retain customers and protect themselves against lawsuits (Millberg & Berg et al., 2014).

Consequences of hacking for a hacker

Hacking is most often considered in a negative light. People look down upon the skill of hacking because it gives an unknown person access to data that is not meant for him/her (Young, Zhang, & Prybutok, 2007). Consequently, it is no surprise that hacking is seen as an illegal act. Hackers are considered as delinquent and are also sent to jail as a result of their acts. However, the punishment of hackers is totally dependent upon the intensity of their act or the consequences of their hacking activities. Cyber crime is regarded as an illegal act similar to any other form of crime, and it has its punishments. However, if looked in a positive light, and if hackers are brought on the right track it is possible to turn this deviant act into something that benefits the society (Kshetri, 2006). In the fight against terrorism and the identification of other hacker’s people who have the hacking skill may be used. Thus, this suggests that if taken positively hackers do not always have to be reprimanded for their actions. These people could be important for law enforcement agencies as they could help serve a purpose towards protecting the nation against terrorist attacks. If possible in certain circumstances people should direct the hackers in the right direction and attain benefit from them rather than loss.

Publishing Security Breaches

It is common practice for companies to keep security breaches undercover. The main reason for keeping such information secretive is because companies cannot risk their reputation (Kannan, Rees, & Sridhar, 2007). It is difficult if not impossible to regain the lost trust of its customers. Moreover, with an increase in competition in the business world, companies may lose their customers to competing firms once the trust is lost. Thus, it is no surprise that companies do not want to make a public announcement of any security breaches within their system. However, from the perspective of the consumer protecting information that is vital to them should be told to them in case of security breaches or similar events. From a legal viewpoint, the company is bound to inform its users about any breach in their security system. However, protecting such information from customers would ensure that the company’s image is not negatively impacted (Garg, Curtis & Halper, 2003).

Personal Identity Theft Story

I may consider myself lucky that I have not fallen prey to any personal identity theft. One way I have been able to avoid such scams is that I avoid giving out my personal information over the web. If there is ever a need to give my information I ensure, the website I am using is a genuine one and has not been a victim of security threats. Even though, I do receive emails, but I have avoided these as much as possible by not signing up for any useless newsletters, etc. Adding on, I closely scrutinize my credit card report occasionally to ensure that no unusual activity has taken place over my card. I have also informed my bank to notify me immediately when an unusual act takes place over my card because I have a certain purchasing habit from my card.


The paper discussed cyber attacks and online crimes in particular reference to Sony PSN. Several gaming and online services require users to give in their personal information such as credit card number; thus, exposing people to security threats in case hackers attack the system of the company. The paper also highlighted the useful ways hackers can be used if their efforts are directed in the right direction.


Benbast, I., & Zmud, R. (2003). The Identity Crisis within the Is Discipline: Defining and Communicating the Discipline’s Core Properties. MIS Quarterly, 27(2), 183-194.
Dyck, A., & ZIngalis, L. (2004). Private Benefits of Control: An International Comparison. The Journal Of Finance, 59(2), 537-600.
Garg, A., Curtis, J., & Halper, H. (2003). Quantifying the financial impact of IT security breaches. Information Management & Computer Security, 11(2), 74-83.
Goss, P. (2013). Sony hit with a big fine over PlayStation Network hack. TechRadar. Retrieved 4 November 2014, from
Jung, B., Han, I., & Lee, S. (2001). Security threats to Internet: a Korean multi-industry investigation. Information & Management, 38(8), 487-498.
Kannan, K., Rees, J., & Sridhar, S. (2007). Market Reactions to Information Security Breach Announcements: An Empirical Analysis. International Journal Of Electronic Commerce, 12(1), 69-91.
Kshetri, N. (2006). The simple economics of cybercrimes. Security & Privacy, IEEE, 4(1), 33-39.
Margulis, S. (2003). Privacy as a Social Issue and Behavioral Concept. Journal Of Social Issues, 59(2), 243—261.
Millberg, S., Burke, S., Smith, H., & Kallman, E. (2014). Values, personal information privacy, and regulatory approaches. Communications Of The ACM, 38(12), 65-74.
Young, R., Zhang, L., & Prybutok, V. (2007). Hacking into the Minds of Hackers. Information Systems Management, 24(4), 281-287.