UK regulators fine Sony over 2011 PSN security breach

By on January 24, 2013, 11:15 AM

Sony is still dealing with the aftermath of the massive security breach its PlayStation Network suffered in 2011. Although a class action lawsuit against the company was recently dismissed in the US, citing clauses in the terms of service noting that “there is no such thing as perfect security,” UK authorities feel the issue could nonetheless have been prevented and have decided to slap the company with a £250,000 (~$395,000) fine.

The Information Commissioner's Office (ICO) criticized the firm for not having up-to-date security software, and noted that “technical developments” led to passwords not being secure.

"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," David Smith, deputy commissioner and director of data protection, said in a statement. “Sony should have known better. […] It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe,” he added. The ICO issued a report detailing its findings.

The breach exposed names, addresses, e-mail addresses, dates of birth, and passwords associated with some 77 million accounts. It also put credit card data at risk and resulted in Sony shutting down the network for several weeks. After remaining incredibly quiet for the first few days, the company offered an apology to its users, and launched an identity theft protection program with a $1 million insurance policy per user as part of its mitigation measures. Since then the firm has also rebuilt the PlayStation Network system to be more secure.

Sony has until February 13 to pay the fine at a discount of 20%, and it also has the option to file an appeal. The company is doing the latter, arguing in a statement that it was the victim of a “focused and determined criminal attack” and that there is no evidence that users’ encrypted card details were accessed during the data breach.




User Comments: 2

Burty117, TechSpot Chancellor, said:

Meh, I think they should at least get one fine from this. Since the Americans dismissed the attack based on what the terms and conditions say (which literally mean nothing in the UK from experience), they should just pay the fine. My question is, more Xbox 360s have been sold than PlayStations, Microsoft have got a reputation of bricking consoles and blocking users from Xbox Live because they have modified their console in some way, I'm pretty sure they've annoyed the wrong people just as much as Sony have yet they have never had a security breach?

Timonius said:

I'm surprised it wasn't the big bad EU knocking on their bank vault.
