Dr. Gene Spafford a professor of Computer Science at Indiana’s Purdue University and Cyber-security expert testified before the U.S. House of Representatives’ Subcommittee on Commerce, Manufacturing and Trade alleged that Sony ignored reports of vulnerabilities to its servers.
“On a few of the security mailing lists that I read, there were discussions that individuals who work in security and participate in the Sony network … had discovered that the network servers were hosted on … very old versions of Apache software that were unpatched and had no firewall installed,”
“These were potentially vulnerable, and that they had reported these in an open forum that was monitored by Sony employees, but had seen no response and no change or update to the software.”
Asked when this took place, Spafford answered “two to three months prior to the incident where the break-ins occurred”.
Dr. Gene Spafford testimony starts at 55min 24sec into the video