Sony Fined £250,000 Over PSN Hack

Sony has been fined £250,000 over 2011’s PSN hack, due to a “serious breach” of the Data Protection Act, according to the BBC this morning.

The Information Commissioner’s Office said that Sony’s security software was not up to date, and that the hack could have been prevented.

The ICO also said, in their report, that user passwords were not secure, and that names, addresses, dates of birth and payment card information could have been at risk.

“If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority,” said David Smith, deputy commissioner and director of data protection at the ICO.

“In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough,” Smith added.

The ICO said that the security lapse was the “most serious it had ever seen,” and “there’s no disguising that this is a business that should have known better.”

This post on the 21st of April seems so innocent and naive, but it soon escalated. Sony first kept quiet on the matter, saying it would be up much sooner than it was. Users were kept guessing as Sony tried to scramble to figure out what had happened and how to best address the news to its subscribers.

It was huge news, with that month generating a huge amount of interest in what was going on with Sony and the hack. At the time of writing we’ve got four pages of posts relating to it.

Then, five days later, this happened. The internet exploded.

Sony has since said that the PSN is more secure than ever.

Sony Europe will appeal against the fine, with a statement claiming “there is no evidence that encrypted payment card details were accessed,” and added that “personal data is unlikely to have been used for fraudulent purposes.”

“The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack.”

37 Comments

  1. That’s not too bad quarter of a milli, it could have been worse. Does this company who is charging them cover worldwide or it’s just one part of the country if that makes sense

  2. So does this money go to the government??

    • That’s a good question, I’ve always wondered where the cash from these fines go? Is it used to fund the regulator or is it just an enforced budget that SCEE then have to spend on security improvements?

      • That’s not a bad idea, though of course they will already have spent so much money and improved the security since then, at least I hope they have!

        *Anyone seen the key to the back door? I think Jo had it last*

      • Regardless of where the money goes, I know it’s not going to me for all the hassle I suffered, worrying about security, changing passwords, setting up new email accounts etc.

        No, the money probably goes into some government pot of some kind, possibly for doling out to their rich friends in the banking industry (instead of those who were inconvenienced) so they can buy another Veyron or super yacht – yes, I AM bitter and twisted!

      • Duck houses

    • Usually fines go in to the regulator’s pot, although who knows these days.
      It may end up buying a democracy bomb to drop on some remote African village.

      • I might write to the ICO, I’d really like a new car!

  3. I’m surprised it was such a small amount for such a big incident. Should be water off a duck’s back for Sony surely.

    • Not with the way their financials across the board are at the minute!

      • Yes, and they’ve got the PS4 to finance.

  4. Is that all, for millions of people’s passwords and accounts, one of which mine had thousands of pounds taken out from this? I’m appalled to be honest.

    I love Sony, but this is a joke fine IMO. Though Sony have lost a lot of money from me since, as I haven’t used PSN since then. Just realised that it’s a long time too.

    • It’s the UK only, but yeah, it’s quite small.

      I don’t think I’ve put my card details in since, either.

      • Just remember to delete card details doing your transactions and or wait till Paypal is fully usable on it? :)

    • The fine takes in to account the huge amount of business lost and the battering Sony’s share price took – if you look at those then the “fine” cost them hundreds of millions.

      That’s why this is 250K, Sony have already lost a massive amount of money for being stupid – basically they punished themselves.

      • I totally understand, but that’s their own fault and rightly so. If a regulator only gives a small fine, it’s not much incentive for others and Sony to worry about it again, because they hardly got a ticking off about it.

        I’m disgusted to be honest. Always the same though with regulators, there is no point them actually being there in the first place.

  5. Should have been so much more.

    • Apparently the maximum is 500k.

      • They said this was the most serious case they’ve had so far. A fine closer to the maximum would have been quite fitting.

  6. I’m in two minds about this. Yes, Sony were caught sleeping and deserve to be fined for not keeping up to date with their security. But that raises the question of what ‘up to date’ is? Any modern day security system can be seen to be ‘up to date’, right up until it gets broken.

    Now by the sounds of it, Sony were a little far off from having the absolute best security, but it’s not as if it was a weak system, otherwise it would have been hacked long before it was. In the end, it was a determined criminal act that got through their security, but somehow it’s entirely Sony’s fault? I don’t know about you, but if a bank was robbed by someone blowing a hole through the wall, I wouldn’t start putting all the blame on the bank for not having thick enough walls.

  7. That’s incredibly cheeky of Sony to appeal based on their claim that there’s no evidence card info was used. Stories like bilbo’s & a fair few others I’ve seen across the internet say otherwise. They’ve got off lightly considering.

    On a related note, what happened to the id protection they were meant to be offering to all users affected? I heard the US got it but nothing about the rest of the world.

    • Yeah I thought the appealing is a cheek too. The amount of money invested in Sony’s gaming by consumers and security is an absolute necessity. I’d hazard a speculative guess that Sony want to protect their money; whether there is any legal basis for an appeal is beyond me.

  8. It was funny how Tretton handled the E3 conference. Pretty clever imo.

  9. Hmm, I wonder how many times the ‘UK government agency’ have been hacked in the past??? Loads I bet!!! LoL:D

  10. Quite a small fine for a company as large as Sony, so I hope it definitely stands.
