Skip to main content

Sony sacked security staff prior to big breach

A lawsuit filed this week suggests that Sony sacked a bunch of employees from its network security division just two weeks before the company's servers were hacked and its customers' credit card details leaked.

The suit, which seeks class action status, is being brought by Felix Cortorreal, Jimmy Cortorreal, and Jacques Daoud Jr. - all victims of the massive data breach that took place in April - "on behalf of themselves and all other similarly situated."

According to copies of the court documents obtained by thinq_, the trio accuse Sony of a failure to adequately protect customer data. "According to information provided by industry experts and confidential informants," the papers claim, "Sony knew that its inadequate security systems placed it at increased risk for the attack, which directly and proximately caused the theft of its Customers' Personal Information and a month-long interruption of the PlayStation and SPE Networks."

The suit goes on to claim: "Sony took numerous precautions and spent lavishly to secure its proprietary development server containing its own sensitive information [...] but recklessly declined to provide adequate protections for its Customers' Personal Information."

As well as the accusation that no permanent firewall solution was in place for the attacked servers, the suit further claims: "Sony sought to cut its costs at the expense of its Customers by terminating a significant number of employees prior to the security breach, including personnel responsible for maintaining the security of the Network.

"Moreover, just two weeks before the April breach, Sony laid off a substantial percentage of its Sony Online Entertainment workforce, including a number of employees in the Network Operations Centre, which, according to Confidential Witness 2, is the group that is responsible for preparing for and responding to security breaches, and who ostensibly has the skills to bring the Network's security technology up-to-date."

The suit also details numerous instances of small-scale attacks against the service and its customers along with repeated warnings of security flaws leading up to the main security breach, accusing Sony of negligence in ignoring the signs.

Thus far, Sony has not responded to the suit or our request for comment. monitors all leading technology stories and rounds them up to help you save time hunting them down.