Sony Fined £250,000 ($400,000) for 2011 PSN Breach

Back in April of 2011, Sony's PlayStation Network was hit with an attack that forced PSN offline for an extended period of time. This week, the UK's Information Commissioner's Office (ICO) has levied a hefty fine against Sony for what it calls 'a serious breach' of the UK's Data Protection Act.

PSN was breached in the spring of 2011 and the data of millions of users compromised. Speaking via a statement released today, David Smith, Deputy Commissioner and Director of Data Protection, said Sony should have been more careful about how it protected users' data.

"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," Smith said. "In this case that just didn't happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough."

Smith goes on to say that a business of Sony's size, and indeed one that trades on its technical expertise, should have known better. He added that there was no doubt in his mind that Sony had the knowledge and resources to keep the information safe.

The fine imposed on Sony amounts to £250,000, or just shy of $400,000 by today's rates. Smith referred to Sony's breach as one of the most serious ever reported to the ICO.

"The penalty we’ve issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft."

Sony has said it will appeal the fine. Speaking to CNet, the company confirmed its plans to appeal and said that criminal attacks on electronic networks are a real aspect of 21st century life.

"Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient," Sony told CNet. "The reliability of our network services and the security of our consumers' information are of the utmost importance to us."

  • rantoc
    For their total lack of security and all the consumers who got the fallout - The fine is a laugh. The security flaw used in the hack (sql-injection) was of the nature that any company who even spent 5 mins looking for vulnerabilities should have found it, such negligence with people's data should have been fined heavier... but then again it's a company and they are worth money while peeps apparently are not!

    Sony has said it will appeal the fine! - What a fine company who refuses to pay for their mistakes when their customers got burnt, all that due to their negligence! Last Sony product to ever set its foot in my home, if they don't take responsibility for their mistakes they don't deserve me as a customer!
  • boogien8
    The consumer will never see a dime of that money, which is the real crime :(
  • cats_Paw
    "Millions" of users, 400.000 dollars, none of that goes to the users.
    Law at its best.
  • So I was violated being a PSN user but someone else is getting money from this? Now as boogien8 said that really is the real crime there. I guess when the next hack happens all of us PSN users will have to go to ICO and fine them to supply extra research into the safety and security of my information on PSN.

    I feel that Sony already made good with their 2 free games and month access to PSN+ (which incidentally turned me into a PSN+ subscriber for 2 years running) but as far as trusting them with my CC info again... sorry that trust will take a long time to be restored.
  • JJ1217
  • master9716
    Breach in security fine? Is UK serious? So there's a bombing in the UK, who gets fined for a breach in security?
  • plznote
    If the flaw was in governmental servers, there would be no apologies much less a "fine".
  • techguy911
    The security flaw that was exploited was over a year old; that means whoever was looking after the servers was not doing their job, as there were many security patches that were not installed, leaving the servers vulnerable.
    So there is no way in hell they will get an appeal. A company that big not looking after their servers deserves that fine; that is what you get for cutting corners in server maintenance.
  • Sony will appeal the fine. Yes Sony, of course, because it wasn't your fault ye got hacked!
  • zulutech
    The ICO is a sham.