January 24th, 2013, 22:46 PM
Sony Slapped With £250k Fine For 2011 PSN Breach
Sony has been slapped with a £250,000 fine for failing to adequately fend off hacks of its network, which hit its gaming arm in April 2011, but the electronics giant is gearing up for an appeal.
Almost two years after PlayStation Network (PSN) servers were hacked, and data on 77 million global gamers compromised, the Information Commissioner’s Office (ICO) has finally taken action. As many as three million were believed to have been affected in the UK.
It has taken some time for the ICO to come to a conclusion, having kicked off an investigation in April 2011. The data privacy watchdog told TechWeekEurope in March last year it was likely to issue a decision on the PSN hack within six weeks. The information commissioner himself, Christopher Graham, told this publication in early November a decision was imminent.
The ICO told TechWeekEurope today it had been faced with a strong backlash from Sony’s lawyers, after it informed the company it was planning on issuing a fine.
“Sony Computer Entertainment Europe’s lawyers sent back lengthy representations explaining their position in some technical detail,” a spokesperson explained. “We then needed to go through them this end, before ultimately deciding to issue the Civil Monetary Penalty Notice you see today.”
Sony was battered by hackers and hacktivists in 2011, with over 100 million users eventually affected. The PlayStation maker came in for heavy criticism for allegedly weak security surrounding its PSN community. It responded by offering repeated apologies and compensation, including free games, to users, as well as employing its first-ever chief information security officer (CISO).
Sony said it “strongly disagrees with the ICO’s ruling and is planning an appeal”. “SCEE [Sony Computer Entertainment Europe] notes, however, that the ICO recognises Sony was the victim of ‘a focused and determined criminal attack,’ that ‘there is no evidence that encrypted payment card details were accessed,’ and that ‘personal data is unlikely to have been used for fraudulent purposes’ following the attack on the PSN.”