XI
you are not logged in
News

Sony Fined £250,000 Over PSN Hack

SCEE to appeal, saying that "there is no evidence that encrypted payment card details were accessed".

Sony has been fined £250,000 over 2011’s PSN hack, due to a “serious breach” of the Data Protection Act, according to the BBC this morning.

The Information Commissioner’s Office said that Sony’s security software was not up to date, and that the hack could have been prevented.

The ICO also said, in their report, that user passwords were not secure, and that names, addresses, dates of birth and payment card information could have been at risk.

Tretton apologises for the network hack and subsequent downtime at E3 2011.
“If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority,” said David Smith, deputy commissioner and director of data protection at the ICO.”

“In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough,” Smith added.

The ICO said that the security lapse was the “most serious it had ever seen,” and “there’s no disguising that this is a business that should have known better.”

This post on the 21st of April seems so innocent and naive, but it soon escalated. Sony first kept quiet on the matter, saying it would be up much sooner than it was. Users were kept guessing as Sony tried to scramble to figure out what had happened and how to best address the news to its subscribers.

It was huge news, with that month generating a huge amount of interest in what was going on with Sony and the hack. At the time of writing we’ve got four pages of posts relating to it.

Then, five days later, this happened. The internet exploded.

Sony has since said that the PSN is more secure than ever.

Sony Europe will appeal against the fine, with a statement claiming “there is no evidence that encrypted payment card details were accessed,” and added that “personal data is unlikely to have been used for fraudulent purposes.”

“The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack.”

37 Comments
  1. Taylor Made
    Member
    Since: Oct 2011

    That’s not too bad quarter of a milli, it could have been worse. Does this company who is charging them cover worldwide or it’s just one part of the country if that makes sense

    Comment posted on 24/01/2013 at 08:13.
  2. carson321
    Member
    Since: May 2009

    So does this money go to the government??

    Comment posted on 24/01/2013 at 08:17.
    • ron_mcphatty
      Member
      Since: Sep 2008

      That’s a good question, I’ve always wondered where the cash from these fines go? Is it used to fund the regulator or is it just an enforced budget that SCEE then have to spend on security improvements?

      Comment posted on 24/01/2013 at 08:22.
      • carson321
        Member
        Since: May 2009

        That’s not a bad idea, though of course they will already have spent so much money and improved the security since then, at least I hope they have!

        *Anyone seen the key to the back door? I think Jo had it last*

        Comment posted on 24/01/2013 at 08:25.
      • John Malcolm
        Member
        Since: Apr 2009

        Regardless of where the money goes, I know it’s not going to me for all the hassle I suffered, worrying about security, changing passwords, setting up new email accounts etc.

        No, the money probably goes into some government pot of some kind, possibly for dolling out to their rich friends in the banking industry (instead of those who were inconvenienced) so they can buy another Veyron or super yacht – yes, I AM bitter and twisted!

        Comment posted on 24/01/2013 at 09:01.
      • Sympozium
        Member
        Since: Aug 2009

        Duck houses

        Comment posted on 24/01/2013 at 11:50.
    • cc_star
      Team TSA: Writer
      Since: Forever

      Usually fines go in to the regulator’s pot, although who knows these days.
      It may end up buying a democracy bomb to drop on some remote African village.

      Comment posted on 24/01/2013 at 09:23.
      • ron_mcphatty
        Member
        Since: Sep 2008

        I might write to the ICO, I’d really like a new car!

        Comment posted on 24/01/2013 at 10:07.
  3. avengerrr
    Member
    Since: Oct 2012

    I’m surprised it was such a small amount for such a big incident. Should be water of a duck’s back for Sony surely.

    Comment posted on 24/01/2013 at 08:25.
    • carson321
      Member
      Since: May 2009

      Not with the way their financials across the board are at the minute!

      Comment posted on 24/01/2013 at 08:25.
      • ABlokeCalledDaz
        Member
        Since: May 2010

        Yes, and they’ve got the PS4 to finance.

        Comment posted on 24/01/2013 at 12:34.
  4. Bilbo_bobbins
    Member
    Since: Jun 2009

    Is that all, for millions of peoples passwords and accounts, one of which mine had thousands of pounds taken out from this? I’m appalled to be honest.

    I love Sony, but this is a joke fine IMO. Though Sony have lost a lot of money from me since, as I haven’t used PSN since then. Just realised that its a long time too.

    Comment posted on 24/01/2013 at 08:30.
    • Alex C
      One for all.
      Since: Forever

      It’s the UK only, but yeah, it’s quite small.

      I don’t think I’ve put my card details in since, either.

      Comment posted on 24/01/2013 at 08:33.
      • funkyellowmonkey(ps3 id)
        Member
        Since: Forever

        Just remember to delete card details doing your transactions and or wait till Paypal is fully usable on it? :)

        Comment posted on 24/01/2013 at 23:32.
    • Tuffcub
      On the naughty step.
      Since: Dec 2008

      The fine takes in to account the huge amount of business lost and the battering Sony’s share price took – if you look at those then the “fine” cost them hundreds of millions.

      That’s why this is 250K, Sony have already lost a massive amount of money for being stupid – bascially they punished themselves.

      Comment posted on 24/01/2013 at 09:16.
      • Bilbo_bobbins
        Member
        Since: Jun 2009

        I totally understand, but that’s their own fault and rightly so. If a regulator only gives a small fine, it’s not much incentive for others and Sony to worry about it again, because they hardly got a ticking off about it.

        I’m disgusted to be honest. Always the same though with regulators, there is no point them actually being there in the first place.

        Comment posted on 24/01/2013 at 09:22.
  5. LTG Davey
    andUandU
    Since: Aug 2008

    Should have been so much more.

    Comment posted on 24/01/2013 at 08:59.
    • Alex C
      One for all.
      Since: Forever

      Apparently the maximum is 500k.

      Comment posted on 24/01/2013 at 09:02.
      • KeRaSh
        Member
        Since: Nov 2009

        They said this was the most serious case they’ve had so far. A fine closer to the maximum would have been quite fitting.

        Comment posted on 24/01/2013 at 10:00.
  6. Takyu
    Member
    Since: Aug 2012

    I’m in two minds about this. Yes, Sony were caught sleeping and deserve to be fined for not keeping up to date with their security. But that raises the question of what ‘up to date’ is? Any modern day security system can be seen to be ‘up to date’, right up until it gets broken.

    Now by the sounds of it, Sony were a little far off from having the absolute best security, but it’s not as if it was a a weak system, otherwise it would have been hacked long before it was. In the end, it was a determined criminal act that got through their security, but somehow it’s entirely Sony’s fault? I don’t know about you, but if a bank was robbed by someone blowing a whole through the wall, I wouldn’t start putting all the blame on the bank for not having thick enough walls.

    Comment posted on 24/01/2013 at 09:58.
    • TSBonyman
      Member
      Since: Dec 2009

      My thoughts exactly.

      Comment posted on 24/01/2013 at 10:57.
  7. Starman
    Member
    Since: Jul 2011

    That’s incredibly cheeky of Sony to appeal based on their claim that there’s no evidence card info was used. Stories like bilbo’s & a fair few others I’ve seen across the internet says otherwise. They’ve got off lightly considering.

    On a related note, what happened to the id protection they were meant to be offering to all users affected? I heard the US got it but nothing about the rest of the world.

    Comment posted on 24/01/2013 at 10:48.
    • avengerrr
      Member
      Since: Oct 2012

      Yeah I thought the appealing is a cheek too. The amount of money invested in Sony’s gaming by consumers and security is an absolute necessity. I’d hazard a speculative guess that Sony want to protect their money; whether there is any legal basis for an appeal is beyond me.

      Comment posted on 24/01/2013 at 10:53.
  8. avengerrr
    Member
    Since: Oct 2012

    It was funny how Tretton handled the E3 conference. Pretty clever imo.

    Comment posted on 24/01/2013 at 10:55.
  9. JBoo
    Banned
    Since: Oct 2011

    This comment is hidden.

    Comment posted on 24/01/2013 at 11:09.
  10. gazzagb
    Master of speling mitakse
    Since: Feb 2009

    Quite a small fine for a company as large as Sony, so I hope it definitely stands.

    Comment posted on 24/01/2013 at 11:53.

Leave a Reply

You must be logged in to post a comment.

Latest Comments