Sony has been fined £250,000 over 2011’s PSN hack, due to a “serious breach” of the Data Protection Act, according to the BBC this morning.
The Information Commissioner’s Office said that Sony’s security software was not up to date, and that the hack could have been prevented.
The ICO also said, in their report, that user passwords were not secure, and that names, addresses, dates of birth and payment card information could have been at risk.
“In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough,” Smith added.
The ICO said that the security lapse was the “most serious it had ever seen,” and “there’s no disguising that this is a business that should have known better.”
This post on the 21st of April seems so innocent and naive, but it soon escalated. Sony first kept quiet on the matter, saying it would be up much sooner than it was. Users were kept guessing as Sony tried to scramble to figure out what had happened and how to best address the news to its subscribers.
It was huge news, with that month generating a huge amount of interest in what was going on with Sony and the hack. At the time of writing we’ve got four pages of posts relating to it.
Then, five days later, this happened. The internet exploded.
Sony has since said that the PSN is more secure than ever.
Sony Europe will appeal against the fine, with a statement claiming “there is no evidence that encrypted payment card details were accessed,” and added that “personal data is unlikely to have been used for fraudulent purposes.”
“The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack.”