Sony fined for PSN breach of 2011

Sony’s European subsidiary has been fined by a UK watchdog and criticised for failing to properly secure customer data before hackers attacked its PlayStation Network in 2011, reports Financial Times.

Information Commissioner’s Office fined the electronics maker £250,000 for the breach, in which names, addresses, email addresses, dates of birth and passwords for millions of customers were accessed by hackers.

The fine against Sony Computer Entertainment Europe is the third-largest imposed by the ICO, which is charged with enforcing the Data Protection Act in the UK but cannot issue penalties of more than £500,000. The two larger fines were both handed to local authorities. Sony can pay a lower amount of £200,000 if it settles the fine by February 13 – a standard incentive for ICO fines.

The commissioner’s office said the 2011 attack could have been prevented if the network’s software had been up-to-date and that technical developments had made passwords unsecure. David Smith, deputy commissioner and director of data protection, said Sony was a company that traded on its technical expertise and therefore should have had the knowhow to keep customer data safe.

Sony said on Thursday that it planned to appeal against the fine. The company pointed to lines in the penalty notice that said there was no evidence that encrypted card payment details were accessed and that personal data were unlikely to have been used for fraudulent purposes after the attack.

Share: