As reported by the BBC this morning, Sony Computer Entertainment in Europe has been fined £250,000, or about $396,100, because of the 2011 PlayStation Network hack incident. The incident is said to be a “serious breach” of the Data Protection Act.
SCEE Overlooking Data Protection Matters
The Information Commissioner’s Office revealed that Sony’s security was up to date, and that the hack could have been prevented. They also reported that user passwords were not secure, and that names, addresses, birth dates, and payment card information could have been at risk. According to the ICO’s Deputy Commissioner and Director of Data Protection, David Smith:
If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn’t happen, and when the database was targeted—albeit in a determined criminal attack—the security measures in place were simply not good enough.
It should be noted that the PSN went down in April 2011, but the company kept quiet about it, saying only that it would be up again soon. The news gained media attention, and then the Internet exploded five days after that.
The issue angered PlayStation users, especially those who wanted to play over 2011’s Easter weekend. Sony apologized for the hack, which saw its PSN knocked offline for a couple of days. In May 2011, the execs bowed in public and offered users free games to show their remorse. Since then, the company has reiterated that the PSN is more secure than ever.
Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defense and working to make our networks safe, secure and resilient.
Sony Europe to Appeal against the Fine
In relation to this, SCEE “strongly disagreed” with the decision and plans to appeal against the fine. The company claims that “there is no evidence that encrypted payment card details were accessed.” They also pointed out that it is unlikely that personal data have been used for fraudulent purposes.
The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack.