Sony hit with £250k fine for 2011 PSN hack attack, SCEE responds
Back in May 2011, Sony revealed that the PlayStation Network hack attack, in which information from up to 77 million user accounts was stolen, cost the company $170 million in "insurance and damages". Now it will have to find a further £250,000 to pay a fine levied on it by the UK's governmental Information Commissioner's Office.
The ICO has found that Sony Computer Entertainment Europe could have prevented the attack in the first place, had its software been "up-to-date". It also states that technical developments "meant that passwords were not secure".
Hackers gained access to names, addresses, email addresses, dates of birth and account passwords when they stole data from the games giant. The ICO also states that "payment card details were also at risk".
“If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," said David Smith, deputy commissioner and director of Data Protection. "In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.
"The penalty we’ve issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft."
Sony is planning to appeal the decision. "Sony Computer Entertainment Europe strongly disagrees with the ICO’s ruling and is planning an appeal," it told Pocket-lint in an official statement.
The company also wishes to highlight certain aspects of the full ruling. "SCEE notes, however, that the ICO recognises Sony was the victim of 'a focused and determined criminal attack', that 'there is no evidence that encrypted payment card details were accessed', and that 'personal data is unlikely to have been used for fraudulent purposes' following the attack on the PlayStation Network'," it said.
"We are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack."