Sony to pay £250,000 fine for PlayStation Network breach


Sony has thrown in the towel on its appeal of a £250,000 fine ($377,500) imposed after its PlayStation Network was hacked in April 2011.

The UK Information Commissioner's Office (ICO) imposed the fine in January after an investigation showed that the attack could have been prevented if Sony's software had been up to date.

On top of that, the ICO, finding that technical developments led to passwords not being secure, also charged Sony with negligence for failing to protect PlayStation Network (PSN) users.

The breach was huge.

An apologetic Sony admitted within a few weeks that it was contacting users about 77 million possibly affected accounts.

Breached personal information of those millions of customers included names, addresses, email addresses, dates of birth and account passwords.

It was feared at the time that payment card details were also compromised.

Sony said that the credit card data was, in fact, encrypted, but the strength of the encryption was a question mark it didn't address.

According to the BBC, Sony said on Monday that it still disagrees with the verdict but that keeping up the fight would risk exposing sensitive security data.

What does that mean? One could conjecture that were Sony to keep fighting the fine, it might have had to let the light shine in on the strength of the encryption that it claims was protecting its credit card data, but at this point, only Sony knows what sensitive security data it's talking about.

This is what a Sony spokesman told the BBC:

"This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding.

"We continue to disagree with the decision on the merits."

Sony can continue to disagree for as long as it likes, but let's just hope that the company means what it says when it claims to be continually working to make its networks "safe, secure and resilient" from attacks.

As it is, gaming companies have become a favorite toy for hackers to bat around for fun and profit.

Some recent companies that have fallen prey:

Password changes were necessitated by all of these incidents.

And even if credit card data was properly encrypted at Sony or wasn't breached during the more recent attacks, these breaches are, nonetheless, still potentially dangerous.

Exposure of personal information can lead to criminals breaking into users' other accounts (which is why you should always use unique passwords), as well as phishing scams or malware attacks that can be all the more convincing given that scammers know your email and snail mail addresses.

The stakes are high, and the criminal element obviously finds online gaming particularly appealing.

Be careful, gamers - it's a jungle out there.

Image of game over courtesy of Shutterstock.


6 Responses to Sony to pay £250,000 fine for PlayStation Network breach

  1. Machin Shin · 461 days ago

    It is really amazing to me they got off that easy. I mean $377,500 seems like a lot, but not when you think about the fact that this is SONY we are talking about. The CEO can probably shake that much out of his couch cushions.

    Shoot, they probably dropped the appeal when they realized they could save more than that by just not having to pay their lawyer that month.

    • JRD · 461 days ago

      The fine is tiny but the precedent it sets might be far reaching.
      The company was found responsible because it wasn't up-to-date on patches.
      It seems like there is a new gigantic privacy breach at least once a week. Will all of those other companies start facing lawsuits, as well?
      Should they?

  2. brianc6234 · 461 days ago

    How about leaving Sony alone and fining the hackers $10 million? That seems more fair.

  3. Arnold283 · 431 days ago

    Nothing's ever foolproof, but I hate Sony's response to this attack.

    Shortly after the attack, Sony changed its terms and conditions, which now prevent them from being sued by users or groups of users and prevent the laws of your own country from affecting their terms and conditions. An absolute power dictatorship?

    All we needed was reassurance that they would investigate the matter, additional security would be put in place to prevent this matter. Optionally (but advisably) offer some minor compensation to their customers.

    And a 250k fine, for a massive electronics company, is not even worth their time or lawyers' fees to dispute.


About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.