The scary thing is that this smaller breach probably would not have been discovered if it weren't for the full investigation of psn. How many data breaches go undiscovered?

Proper maintenance is needed, Microsoft doesn't issue weekly critical security updates just for fun. But a lot of organizations don't have the know how or budget to keep up with them. I would sooner trust a tech company to be on the ball then hospitals, schools, dmv or the irs. But unfortunately also tech companies have a lot of legacy hardware and software.

For example:

The U.S. Government Accountability Office (GAO) issued a report on March 15 saying that the IRS still hasn't fully implemented key components of a comprehensive information security program. In fact around 74 percent of known weaknesses in the IRS's IT infrastructure remain unresolved or unmitigated, GAO found.

This isn't the first time that the GAO has criticized the IRS's IT security practices. A report in 2008 found "pervasive weaknesses" in the IRS's IT security practices. The agency failed to enforce strong passwords, encrypt sensitive data, monitor changes on its mainframe systems or physically protect critical IT resources.

http://threatpost.com/en_us/blogs/irs-security-holes-put-taxpayer-data-risk-031711

Actully, Sony has already admitted the attack was through a known vulnerability.

For gods sake, will people read the damn articles posted before spouting their stupidity?

http://www.wired.com/threatlevel/2011/04/trixter/

“If Sony is watching this channel they should know that running an older version of Apache on a RedHat server with known vulnerabilities is not wise, especially when that server freely reports its version and it’s the auth[entication] server”

Sony knew this guy was on to something. Why do you think he's being questioned now?

Yeah a recently discovered one

Because he's an ex-con with the skills to do the crime 

That doesn't matter... he told Sony about it, and instead of fixing it, they sit their and twiddle their thumbs. Like idiots!

You didn't read the article.

He's a WHISTLEBLOWER. He sees vulnerabilities and reports them. He was jailed for shedding light on such vulnerabilities. He wasn't exploiting them.

I'll let you in oon another piece of the article:

"The authentication server he mentioned in the chats was running Apache 2.2.15, which was superseded in June 2010"

An update to Apache was available for almost a year. So where is this routine maintenance that you believe Sony had?

One that Sony recently discovered. But one that which has been identified and patched elsewhere for a while already.

Nowhere did I see the article state he told sony about it just that he was discussing it, which could actually make him an accomplish, either way he did time and has the skills to do it, thats all people need to question some one, I'd be concerned if they didn't question him

so do you fix everything you notice the second you notice it, things take time, at most it took them too much but without an actual time frame and industry standards to compare it to we don't even know that