// Home / News / Security

Sony fined £250,000 for 2011 PlayStation hack

By Stewart Mitchell

Posted on 24 Jan 2013 at 10:41

Sony has been hit with a £250,000 fine for a data breach following hacks against its PlayStation Network.

The Information Commissioner's Office (ICO) fine - its largest yet against a private firm - comes nearly two years after Sony's PlayStation Network Platform was breached in April 2011, when hackers lifted the details of millions of account holders, including their names, addresses, email addresses, dates of birth and account passwords.

Payment card details were also compromised, making a monetary penalty likely and, according to the ICO, the penalty reflected Sony's inability to protect customer data adequately.

"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," said deputy commissioner David Smith.

Sony is a company that trades on its technical expertise, and had access to both the technical knowledge and the resources to keep this information safe

"In this case that just didn't happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough."

Smith was critical of Sony's defences, which could have thwarted the attacks had they been up to date, and implied that a technology company should be better at protecting customer information.

"There’s no disguising that this is a business that should have known better," Smith said in a statement. "It is a company that trades on its technical expertise, and there’s no doubt in my mind that it had access to both the technical knowledge and the resources to keep this information safe."

The ruling also stated that Sony should have had better protection in place because in the weeks running up to the hack it had been the subject of a sustained campaign of DDoS attacks.

Smith said the high-profile nature of attacks had increased consumer awareness and made people more cautious about disclosing private information.

Sony to appeal

Sony said it "strongly disagrees" with the ruling and is planning an appeal.

"Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient," a Sony spokesperson said.

The ICO said the case took two years to resolve because of the time it took to go through Sony's response to its queries.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here

User comments

What's the point?

What is the point of the ICO doing this?

Sony's reputation as a trusted provider of on-line services took a huge knock in the highly publicized debacle of 2011. This is surely more damaging than a fine from the ICO two years after the event.

As with any fine on a large corporation or government body, it is the consumers who ultimately foot the bill.

By ronwatson71 on 24 Jan 2013

Poor choice of punishment

I would have made SONY print a full page apology to their customers, on their website front page and in the major newspapers, with details of what went wrong and what they've done to fix it since - at their expense.
As has been said, a fine will simply be passed on to their remaining customers.
Better instead to remind them, and any potential customers, of their past incompetence and demand some assurances they have taken steps to stop it happening again.

By cheysuli on 24 Jan 2013

Massive Fine

Huge fine for multi-billion dollar corporation - it'll make a massive dent in their profit margin.

Oh, wait...no....its miniscule and will have absolutely no impact.

Pointless, either up the fine to £1m+ or go for the public apology and consequent loss of revenue.

By MikeHellier on 25 Jan 2013

Leave a comment

You need to Login or Register to comment.

Most Commented News Stories

Latest Blog Posts

Latest Reviews

Latest Real World Computing

Sponsored Links