Can You Guess Who Benefits The Most From Sony’s Data Breach?
(This post originally appeared on Forbes)
The recent data breach scandal affecting Sony was not just an event where credit card data was stolen. It was something worse. It was the theft of confidential information from a company followed by the online disclosure of this information to the public. Seth Rogen and James Franco aside, the company’s customers, partners and (most importantly) employees were seriously hurt by this.
So who benefited?
Fingers have been pointed at the government of North Korea. They had the motive (a hatred of the U.S. and a particular vendetta against Sony who is soon to be releasing a film starring Rogen and Franco that spoofs the country’s leader Kim Jong-un) and they have the means – a reported team of “Guardians of Peace” members with the capability and resources to hack into just about anywhere. North Korea has denied they were involved. Maybe they’re telling the truth. Or maybe not. But they’re still not the ones who have benefited the most from this incident. The ones who really came out on top are the media.
This would be the well-known and respected brands like CNBC, CNET, ABC News, ZDNet, Washington Post and yes The New York Times and Wall Street Journal too. These are outlets that not only reported on the breach, but in many cases actually disclosed some of the confidential and damaging data hacked (or at least where to find it).
For example, tech site ZDNet helped out the public by reminding us that “sensitive data stored by Sony was leaked online, and remains downloadable through BitTorrent software.” The publication was also kind enough to remind us that “Passwords, mailboxes, personal employee data and passport copies are stashed away in the files.” The online news service Fusion.net provided even more details of the data hacked which then prompted other media outlets to use the private information of Sony employees as a basis for discussing the gender and pay differences in corporate America. And just a few days ago The New York times pointed us to Pastebin, an “anonymous posting website” in case we were interested in the personal data of the employees working at the consulting firm Deloitte, who also suffered a similar breach.
Yeah, I guess we can find this ourselves if we really looked for it. But we don’t need to try very hard. We’ve got the top media brands helping us. The media doesn’t really care about the impact of their actions or the impact this has on the actors’ careers for when they negotiate new projects. Little concern is given to the social security numbers that are now being passed around like lottery tickets or the personal lives of Sony employees who are being scrutinized. It’s fun to read about the internal upheaval that’s now going on at a company that provides the livelihood for tens of thousands of people and the embarrassment of managers and humiliation of employees affected by all this, isn’t it?
Why? It’s news. It’s viewers. It’s readers. It’s the Internet. Media companies can’t be blamed for reporting the news and investigative journalism is their job. Up and coming sites like Fusion are battling for their existence every day with editors at competing sites who wouldn’t hesitate to report on their grandparents’ private lives if it means just a few more eyeballs. And let’s be real here: I’m part of the problem too – this blog will only drive more attention to the event for the three people who will actually read it.
The important thing for my clients to learn about the Sony incident is that hacked data can take all forms, equally damaging. And just because you don’t store credit information doesn’t mean you’re not exposed to a big problem. Even the theft of salary, benefits and contract details can turn a company upside down. It should particularly motivate us to scrutinize our outside payroll service and the IT firms and cloud based services that are supposedly securing our files and documents stored there. It should also motivate us to have not only a disaster recovery plan, but a public relations strategy if such an event were to occur. The media, as we saw with Sony and Deloitte, is hungry to report on data breaches and seem to have little problem disclosing personal information to the public if it helps sell an online ad. They’ll benefit. You won’t.