
Sony Fined £250,000 ($400,000) for 2011 PSN Breach

Source: ICO

Sony fined for failing to protect users' information.

Back in April of 2011, Sony's PlayStation Network was hit with an attack that forced PSN offline for an extended period of time. This week, the UK's Information Commissioner's Office (ICO) has levied a hefty fine against Sony for what it calls 'a serious breach' of the UK's Data Protection Act.

PSN was breached in the spring of 2011 and the data of millions of users compromised. Speaking via a statement released today, David Smith, Deputy Commissioner and Director of Data Protection, said Sony should have been more careful about how it protected users' data.

"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," Smith said. "In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough."

Smith goes on to say that a business of Sony's size, and indeed one that trades on its technical expertise, should have known better. He added that there was no doubt in his mind that Sony had the knowledge and resources to keep the information safe.

The fine imposed on Sony amounts to £250,000, or just shy of $400,000 by today's rates. Smith referred to Sony's breach as one of the most serious ever reported to the ICO.

"The penalty we’ve issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft."

Sony has said it will appeal the fine. Speaking to CNet, the company confirmed its plans to appeal and said that criminal attacks on electronic networks are a real aspect of 21st century life.

"Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient," Sony told CNet. "The reliability of our network services and the security of our consumers' information are of the utmost importance to us."

  • 5
    rantoc , January 25, 2013 10:07 AM
    For their total lack of security and all the consumers who got the fallout - The fine is a laugh. The security flaw used in the hack (sql-injection) was of the nature that any company who even spent 5 mins looking for vulnerabilities should have found it, such negligence with people's data should have been fined heavier... but then again it's a company and they are worth money while peeps apparently are not!

    Sony has said it will appeal the fine! - What a fine company who refuse to pay for their mistakes when their customers got burnt, all that due to their negligence! Last Sony product to ever set its foot in my home, if they don't take responsibility for their mistakes they don't deserve me as a customer!
  • 4
    boogien8 , January 25, 2013 10:23 AM
    The consumer will never see a dime of that money, which is the real crime :( 
  • 3
    cats_Paw , January 25, 2013 10:28 AM
    "Millions" of users, 400.000 dollars, none of that goes to the users.
    Law at its best.
  • 2
    Anonymous , January 25, 2013 10:33 AM
    So I was violated being a PSN user but someone else is getting money from this? Now as boogien8 said that really is the real crime there. I guess when the next hack happens all of us PSN users will have to go to ICO and fine them to supply extra research into the safety and security of my information on PSN.

    I feel that Sony already made good with their 2 free games and month access to PSN+ (which incidentally turned me into a PSN+ subscriber for 2 years running) but as far as trusting them with my CC info again... sorry that trust will take a long time to be restored.
  • 0
    JJ1217 , January 25, 2013 10:57 AM
  • 1
    master9716 , January 25, 2013 12:31 PM
    Breach in security fine? Is UK serious? So there's a bombing in the UK, who gets fined for a breach in security?
  • 0
    plznote , January 25, 2013 1:25 PM
    If the flaw was in governmental servers, there would be no apologies much less a "fine".
  • 0
    techguy911 , January 25, 2013 2:20 PM
    The security flaw that was exploited was over a year old; that means whoever was looking after the servers was not doing their job, as there were many security patches that were not installed, leaving the servers vulnerable.
    So there is no way in hell they will get an appeal; a company that big not looking after their servers deserves that fine. That is what you get for cutting corners in server maintenance.
  • 0
    Anonymous , January 25, 2013 5:03 PM
    Sony will appeal the fine. Yes Sony, of course, because it wasn't your fault ye got hacked!
  • 0
    zulutech , January 25, 2013 6:36 PM
    The ICO is a sham.
  • 0
    xiinc37 , January 25, 2013 6:54 PM
    It costs $400,000 to breach the Playstation Network, for 12 seconds.