Sony fined over the 2011 PSN hack

Sony Computer Entertainment Europe has been fined £250,000 ($396,100) following a "serious breach" of the Data Protection Act.

UK authorities said a hack in April 2011 "could have been prevented".

The Information Commissioner's Office (ICO) criticised the entertainment giant for not having up-to-date security software.

Sony told the BBC it "strongly disagreed" with the ruling and planned to appeal.

"Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient," a spokesman for the firm added.

The company had previously apologised for the hack which saw its PlayStation Network knocked offline for several days. In May 2011 company executives bowed in public and offered users free games to show their remorse.

'Not good enough'

The ICO's report said technical developments had led to user passwords not being secure - leaving data such as names, addresses, dates of birth and payment card information at risk.

"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," said David Smith, deputy commissioner and director of data protection at the ICO.




"In this case that just didn't happen, and when the database was targeted - albeit in a determined criminal attack - the security measures in place were simply not good enough."

Since the hack, which angered gamers who wanted to play over 2011's Easter weekend, Sony has said it has rebuilt the PlayStation Network system to be more secure.

But the ICO said the fine reflected the severity of the security lapse, adding that it was among the most serious it had ever seen.

"There's no disguising that this is a business that should have known better," Mr Smith added.

"It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe."

One positive from the hack, Mr Smith said, was that polls conducted after the breach suggested a greater awareness of the risks in handing over personal data

a quarter million? thats really low in my opinion. For what kind of data they lost and the amount of it, it should be way higher

I agree mate however I do believe that it's the largest amount the ICO can place on a fine

Thanatos Rogue wrote:a quarter million? thats really low in my opinion.

This was my first thought as well. Its a bullshit amount if that is the maximum fine that can be levied and it should be more - the maximum fine level should act as a deterrent to ensure companies do their absolute best to ensure data is kept safe.

these are all multi million company's. they CEO's there scratch their buttholes and they earned the money back.
Secondly if they try to warn other company's like this, this fine wont do the job...

I agree mate, data protection is a joke in this country. My job has "strict" rules around it which is why I know about the ICO's fines but tbh people in the office disregard these laws every single day......