Back in April of 2011, Sony's PlayStation Network was hit with an attack that forced PSN offline for an extended period of time. This week, the UK's Information Commissioner's Office (ICO) has levied a hefty fine against Sony for what it calls 'a serious breach' of the UK's Data Protection Act.
PSN was breached in the spring of 2011 and the data of millions of users compromised. Speaking via a statement released today, David Smith, Deputy Commissioner and Director of Data Protection, said Sony should have been more careful about how it protected users' data.
"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," Smith said. "In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough."
Smith goes on to say that a business of Sony's size, and indeed one that trades on its technical expertise, should have known better. He added that there was no doubt in his mind that Sony had the knowledge and resources to keep the information safe.
The fine imposed on Sony amounts to £250,000, or just shy of $400,000 by today's rates. Smith referred to Sony's breach as one of the most serious ever reported to the ICO.
"The penalty we’ve issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft."
Sony has said it will appeal the fine. Speaking to CNet, the company confirmed its plans to appeal and said that criminal attacks on electronic networks are a real aspect of 21st century life.
"Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient," Sony told CNet. "The reliability of our network services and the security of our consumers' information are of the utmost importance to us."