The current streak of bad luck at Sony (NYSE: SNE) continues this week, with news that the official website for Sony BMG Greece has been hacked, resulting in some user data being posted onto the Internet. This was followed by a breach at Sony Music Japan, which was understood to entail the use of an SQL injection attack, though it wasn't clear if hackers were only able to read database entries as opposed to modifying the data. Of course, both the above attacks come after initial strikes that took down the company's PlayStation Network and Sony Online Entertainment. Sony said earlier this week that it expects the PSN hack to cost it US$170 million (¥14 billion) for this financial year.

Writing on the official Sophos blog, senior security adviser Chester Wisniewski posed what must be the question on everyone's mind: "Is Sony taking security seriously or are there simply so many flaws from the past that exist in their public facing sites that it will take them a long time to patch them all?" I suspect it may be the latter, which means that the digital break-ins at Sony may get much worse before they get better. May this be a timely reminder that businesses need to invest in security from the get-go, and not scramble at both damage and reputation control only after being broken into.

For more:
- check out this article at MSNBC
- check out this article at Network World
- check out this blog entry at Sophos

Related Articles:
Sony apologizes, promises phased restoration of PlayStation Network
Anonymous denies hacking Sony; concedes that some members may have done so
Amazon EC2 link to Sony hack shows how cybercriminals are co-opting cloud technology
CIOs take it on the chin at House hearing
Sony to end production of floppy disks