Analysis Of The Sony Breach

Risk Based Security is doing a play by play of the Sony breach.  Visit their website for a detailed analysis of what was stolen.

I am going to just pick one little part of it, which is scary in and of itself.  The fact that they found over a million unredacted socials is a business process problem.  One that will likely lead to a number of lawsuits.

Utilizing the enterprise solution, Sensitive Data Manager, Identity Finder discovered:
  • 601 files containing SSNs
    – 75 Acrobat PDFs
    – 523 Excel spreadsheets
    – 3 Word documents
  • 47,426 unique SSNs
    – 15,232 SSNs belonged to current or former Sony employees
    – 3,253 SSNs appeared more than 100 times
    – 18 files contained between 10,860 and 22,533 SSNs each.
  • 1,123,798 copies of compromised SSNs
“The most concerning finding in our analysis is the sheer number of duplicate copies of Social Security numbers that existed inside the files. In this instance, some SSNs appeared in more than 400 different locations, giving hackers more opportunities to wreak havoc,” said Todd Feinman, President and CEO, Identity Finder. “As we have seen from the myriad data breaches this year, every organization is vulnerable to an attack. Security technologies are an important shield, but minimizing the target and reducing the footprint of sensitive data is more critical than ever.”