Re: Got off lightly
Oh I see LulzSec were just doing them a favour! It all makes sense now.
And if I kick in your door, smear faeces all over your bed and walls, and steal your home sex tapes and bank account records and release them on the web I'd be doing you a favour too for not having a stronger door. You'd thank me for it. Right?
Er, no - that isn't what I said at all. Tone down the "Righteous of Romford", this isn't the Daily Mail.
My point is that part of the "loss" to Sony is Sony having to do what they should have done in the first place. You can't attribute the totality of the costs to LulzSec, Sony are also to blame.
Sony made the choice to ignore industry standards and just hashed passwords instead of hashing combined with a salt. It was this failure that meant that passwords were readily decipherable by use of rainbow tables.
The $20m cost of the intrusion was largely related to having to provide ID theft monitoring services to all US users, which would not have been necessary had the appropriate measures already been taken.
You can tell from Sony's actions that they are partly culpable. They have a duty of care to protect their users' personal information using industry standards. They failed to do so, and so have had to pay for ID theft protection, credit card fraud monitoring and protection, and so on.
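Added example, not part of the original post: the difference between a bare hash and a salted, iterated hash, shown on constructed accounts. SHA-256, PBKDF2, the iteration count and all names are assumptions chosen for illustration, and a plain lookup dictionary stands in for a rainbow table, which is a compressed form of the same precomputation.

```python
import hashlib
import hmac
import os

# Constructed sample data: two of the three accounts share a password.
ACCOUNTS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}

def unsalted(password):
    """Weak scheme from the post: a bare hash with no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def precomputed_table(candidates):
    """Digest -> password map, computed once and reusable on any unsalted store."""
    return {unsalted(p): p for p in candidates}

def salted_record(password, iterations=600_000):
    """Per-user random salt plus an iterated KDF; salt is stored beside the hash."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(attempt, key)

def recovered_by_table(stored, table):
    """Which stored digests appear in the precomputed table?"""
    return {user: table[d] for user, d in stored.items() if d in table}

def demo():
    table = precomputed_table(["123456", "password", "hunter2"])
    weak = {u: unsalted(p) for u, p in ACCOUNTS.items()}
    strong = {u: salted_record(p) for u, p in ACCOUNTS.items()}
    strong_hex = {u: rec[2].hex() for u, rec in strong.items()}
    return {
        "weak_recovered": recovered_by_table(weak, table),
        "weak_duplicates": weak["alice"] == weak["bob"],
        "strong_recovered": recovered_by_table(strong_hex, table),
        "strong_duplicates": strong["alice"][2] == strong["bob"][2],
        "login_ok": verify("hunter2", strong["alice"]),
        "login_bad": verify("hunter3", strong["alice"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With the salt, identical passwords no longer produce identical stored values, so one precomputed table cannot be reused across accounts or across sites.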