Sony Fined £250,000 ($400,000) for 2011 PSN Breach

Back in April of 2011, Sony's PlayStation Network was hit with an attack that forced PSN offline for an extended period of time. This week, the UK's Information Commissioner's Office (ICO) has levied a hefty fine against Sony for what it calls 'a serious breach' of the UK's Data Protection Act.

PSN was breached in the spring of 2011 and the data of millions of users compromised. Speaking via a statement released today, David Smith, Deputy Commissioner and Director of Data Protection, said Sony should have been more careful about how it protected users' data.

"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," Smith said. "In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough."

Smith goes on to say that a business of Sony's size, and indeed one that trades on its technical expertise, should have known better. He added that there was no doubt in his mind that Sony had the knowledge and resources to keep the information safe.

The fine imposed on Sony amounts to £250,000, or just shy of $400,000 by today's rates. Smith referred to Sony's breach as one of the most serious ever reported to the ICO.

"The penalty we’ve issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft."

Sony has said it will appeal the fine. Speaking to CNet, the company confirmed its plans to appeal and said that criminal attacks on electronic networks are a real aspect of 21st century life.

"Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient," Sony told CNet. "The reliability of our network services and the security of our consumers' information are of the utmost importance to us."

11 comments
  • rantoc
    For their total lack of security and all the consumers who got the fallout - The fine is a laugh. The security flaw used in the hack (SQL injection) was of the nature that any company who even spent 5 mins looking for vulnerabilities should have found it, such negligence with people's data should have been fined heavier... but then again it's a company and they are worth money while peeps apparently are not!

    Sony has said it will appeal the fine! - What a fine company who refuse to pay for their mistakes when their customers got burnt, all that due to their negligence! Last Sony product to ever set its foot in my home, if they don't take responsibility for their mistakes they don't deserve me as a customer!
    5
  • boogien8
    The consumer will never see a dime of that money, which is the real crime :(
    4
  • cats_Paw
    "Millions" of users, 400.000 dollars, none of that goes to the users.
    Law at its best.
    3