I know someone that briefly worked for a third party company that Sony had outsourced a fairly large project to (building some social networking features into the web based side of PSN). I found it really surprising at the time that Sony had outsourced that sort of thing, but I'm getting the feeling now that it must have been a fairly common practice.
Given the wildly different business sectors that Sony is involved in, it's really not so surprising that their security varies considerably amongst them. Somehow I doubt lulzsec would be anywhere nearly as successful if they were attempting to steal semiconductor manufacturing information from the Japanese offices. Although that might just make it all the more insulting to Sony's customers who just had all of their personal information stolen.
Given the wildly different business sectors that Sony is involved in, it's really not so surprising that their security varies considerably amongst them. Somehow I doubt lulzsec would be anywhere nearly as successful if they were attempting to steal semiconductor manufacturing information from the Japanese offices. Although that might just make it all the more insulting to Sony's customers who just had all of their personal information stolen.