Sony has been fined £250,000 over 2011’s PSN hack, due to a “serious breach” of the Data Protection Act, according to the BBC this morning.
The Information Commissioner’s Office said that Sony’s security software was not up to date, and that the hack could have been prevented.
The ICO also said, in their report, that user passwords were not secure, and that names, addresses, dates of birth and payment card information could have been at risk.
“If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority,” said David Smith, deputy commissioner and director of data protection at the ICO.
“In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough,” Smith added.
The ICO said that the security lapse was the “most serious it had ever seen,” and “there’s no disguising that this is a business that should have known better.”
This post on the 21st of April seems so innocent and naive, but it soon escalated. Sony first kept quiet on the matter, saying PSN would be back up much sooner than it was. Users were kept guessing as Sony scrambled to figure out what had happened and how best to break the news to its subscribers.
It was huge news, with that month generating a huge amount of interest in what was going on with Sony and the hack. At the time of writing we’ve got four pages of posts relating to it.
Then, five days later, this happened. The internet exploded.
Sony has since said that the PSN is more secure than ever.
Sony Europe will appeal against the fine, with a statement claiming “there is no evidence that encrypted payment card details were accessed,” and added that “personal data is unlikely to have been used for fraudulent purposes.”
“The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack.”
Taylor Made
That’s not too bad quarter of a milli, it could have been worse. Does this company who is charging them cover worldwide or it’s just one part of the country if that makes sense
Alex C
It’s the UK only.
The ICO were involved nearly two years ago. http://www.thesixthaxis.com/2011/04/27/information-commissioners-office-set-to-quiz-sony/
Taylor Made
So other countries are likely to also charge Sony then?
Alex C
I’d imagine not.
bowie
Taylor Made, I believe in several countries the cases against Sony have either been dismissed or gone in Sony’s favour. In California a case against Sony was thrown out and in Australia the Privacy Commissioner cleared them. That said it is hard to evaluate the merits of these and the ICO judgements as there is so little accurate information available to the general public just a lot of hearsay, speculation and nebulous comments.
http://www.techradar.com/au/news/gaming/consoles/sony-psn-hacking-lawsuit-thrown-out-by-judge-1106766
http://www.computerworld.com.au/article/402498/privacy_commissioner_clears_sony_over_psn_hack_/
carson321
So does this money go to the government??
ron_mcphatty
That’s a good question, I’ve always wondered where the cash from these fines go? Is it used to fund the regulator or is it just an enforced budget that SCEE then have to spend on security improvements?
carson321
That’s not a bad idea, though of course they will already have spent so much money and improved the security since then, at least I hope they have!
*Anyone seen the key to the back door? I think Jo had it last*
John Malcolm
Regardless of where the money goes, I know it’s not going to me for all the hassle I suffered, worrying about security, changing passwords, setting up new email accounts etc.
No, the money probably goes into some government pot of some kind, possibly for doling out to their rich friends in the banking industry (instead of those who were inconvenienced) so they can buy another Veyron or super yacht – yes, I AM bitter and twisted!
Sympozium
Duck houses
cc_star
Usually fines go into the regulator’s pot, although who knows these days.
It may end up buying a democracy bomb to drop on some remote African village.
ron_mcphatty
I might write to the ICO, I’d really like a new car!
avengerrr
I’m surprised it was such a small amount for such a big incident. Should be water off a duck’s back for Sony surely.
carson321
Not with the way their financials across the board are at the minute!
ABlokeCalledDaz
Yes, and they’ve got the PS4 to finance.
Bilbo_bobbins
Is that all, for millions of people’s passwords and accounts, one of which mine had thousands of pounds taken out from this? I’m appalled to be honest.
I love Sony, but this is a joke fine IMO. Though Sony have lost a lot of money from me since, as I haven’t used PSN since then. Just realised that it’s a long time too.
Alex C
It’s the UK only, but yeah, it’s quite small.
I don’t think I’ve put my card details in since, either.
funkyellowmonkey(ps3 id)
Just remember to delete card details doing your transactions and or wait till Paypal is fully usable on it? :)
Tuffcub
The fine takes into account the huge amount of business lost and the battering Sony’s share price took – if you look at those then the “fine” cost them hundreds of millions.
That’s why this is 250K, Sony have already lost a massive amount of money for being stupid – basically they punished themselves.
Bilbo_bobbins
I totally understand, but that’s their own fault and rightly so. If a regulator only gives a small fine, it’s not much incentive for others and Sony to worry about it again, because they hardly got a ticking off about it.
I’m disgusted to be honest. Always the same though with regulators, there is no point them actually being there in the first place.
LTG Davey
Should have been so much more.
Alex C
Apparently the maximum is 500k.
KeRaSh
They said this was the most serious case they’ve had so far. A fine closer to the maximum would have been quite fitting.
Takyu
I’m in two minds about this. Yes, Sony were caught sleeping and deserve to be fined for not keeping up to date with their security. But that raises the question of what ‘up to date’ is? Any modern day security system can be seen to be ‘up to date’, right up until it gets broken.
Now by the sounds of it, Sony were a little far off from having the absolute best security, but it’s not as if it was a weak system, otherwise it would have been hacked long before it was. In the end, it was a determined criminal act that got through their security, but somehow it’s entirely Sony’s fault? I don’t know about you, but if a bank was robbed by someone blowing a hole through the wall, I wouldn’t start putting all the blame on the bank for not having thick enough walls.
TSBonyman
My thoughts exactly.
Starman
That’s incredibly cheeky of Sony to appeal based on their claim that there’s no evidence card info was used. Stories like bilbo’s & a fair few others I’ve seen across the internet say otherwise. They’ve got off lightly considering.
On a related note, what happened to the id protection they were meant to be offering to all users affected? I heard the US got it but nothing about the rest of the world.
avengerrr
Yeah I thought the appealing is a cheek too. The amount of money invested in Sony’s gaming by consumers and security is an absolute necessity. I’d hazard a speculative guess that Sony want to protect their money; whether there is any legal basis for an appeal is beyond me.
avengerrr
It was funny how Tretton handled the E3 conference. Pretty clever imo.
JBoo
Hmm, I wonder how many times the ‘UK government agency’ have been hacked in the past??? Loads I bet!!! LoL:D
Sympozium
seriously?
gazzagb
Quite a small fine for a company as large as Sony, so I hope it definitely stands.