Attackers broke in and took whatever they wanted, exfiltrating gigabytes and gigabytes of documents, emails and even entire movies, apparently at will for months and months on end.
Posting the stolen data and the celebrity nature of much of it has resulted in a public relations nightmare for the company. It revealed snarky personal comments never meant to go public as well as personal information such as Social Security numbers and salaries and competitive information about projects in progress.
The scenario is any corporate IT security pro's worst fear being pwned and hung out to dry publicly. Add to that lawsuits being filed against Sony by former employees seeking damages they say they suffered because the company failed to adequately protect the data.
Whereas most breaches are carried out for profit such as theft of credit card information this attack was intended to hurt its victim as much as possible on multiple fronts and has been very successful.
Many of the big for-profit breaches involved compromises of the credit/debit card swiping machines at retail stores, among them Target, Home Depot, Neiman Marcus, Michael's and PF Chang.
A common way the crooks got in was by infiltrating trusted business partners and stealing legitimate credentials for accessing the victims' networks. Once inside, they moved from machine to machine until they reached the subnets containing point-of-sale machines, which they infected with scrapers to steal card numbers and expiration dates.
Sony's woes dominate headlines about hacks, there were some other significant break-ins this year. Here are a few of them briefly described.
Data compromised Seemingly everything stored in the network.
How they got in Unknown. Speculation ranges from an attack launched in a Thailand hotel to an inside job.
How long they went undetected Unknown.
How they were discovered On Nov. 22 employee computers received messages threatening public distribution of stolen data and displays of skulls on their screens.
The Target breach happened last year but the important details came out this year so it's included here.
Data compromised 40 million credit and debit cards, 70 million phone numbers, mailing addresses and email addresses.
How they got in Hacking the credentials of a legitimate business associate, an HVAC company, to get on Target's network, then installing malware on point-of-sale machines.
How long they went undetected About two weeks.
How they were discovered The Department of Justice told them about it, but anti-malware software flagged the problem as well.
Data compromised As many as 56 million credit cards put at risk, 53 million email addresses
Sign up for Computerworld eNewsletters.