Sony fined £250,000 after hackers gained access to millions of gamers' details

Filed Under: Data loss, Law & order, Privacy

Remember the Sony PlayStation Network hack of 2011?

PlayStation Network maintenance message

Aside from causing the online gaming service to be taken offline for days as Sony system administrators scrabbled to secure the system, the personal information of millions of users was exposed during the hack attack.

Compromised data included of millions of customers' names, addresses, email addresses, dates of birth and passwords. Payment card details were also put at risk.

The April attack by hackers against the Sony Playstation Network heralded a series of other (over a dozen!) attacks against Sony websites around the world in the following months.

Today, the UK's Information Commissioner's Office has announced that it has issued a £250,000 fine against Sony for breaching the Data Protection Act.

David Smith, Deputy Commissioner and Director of Data Protection at the ICO, told the media that Sony should have done a better job at protecting its customers:

"If you are responsible for so many payment card details and login details then keeping that personal data secure has to be your priority. In this case that just didn't happen, and when the database was targeted - albeit in a determined criminal attack - the security measures in place were simply not good enough."

"There's no disguising that this is a business that should have known better. It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe."

Sony says it has since rebuilt its Playstation Network to better secure its users' data.

Sony PlayStation NetworkAny company which is storing sensitive information about its customers should be doing everything in its power to prevent unauthorised access to the data.

That doesn't just mean ensuring that your website is written securely, and that your servers are protected with up-to-date software and security patches but also that sensitive information is encrypted securely. Then, even if the data does fall into the hands of the bad guys, they can't do anything with it.

A fine sends a strong message to other company that sloppiness when it comes to data security is not acceptable.

How many headlines do there have to be before companies take the issue more seriously?

, , , , , , ,

You might like

4 Responses to Sony fined £250,000 after hackers gained access to millions of gamers' details

  1. Brian M. · 985 days ago

    Perhaps Sony's security measures were not up to par but no matter how much security you implement, if a hacker is determined enough, they get through it.

    I agree that companies should do everything they possibly can to safeguard customer information but sometimes that's not enough and there's no one to blame other than the hacker!

  2. ian hardei · 985 days ago

    pathetic - as if a company like Sony would notice a £250,000 fine.

    sends out all the wrong messages

  3. GuitarBob · 985 days ago

    Many (most?) companies are concerned with the money they make from their activity and keeping costs low, so even customer security gets a back seat to those two objectives. Pathetic is right!


    • roy jones jr · 981 days ago

      In Sony's case, yes. Only because they get targeted like Microsoft, but Sony just doesn't care. Time & time again in these public articles and other articles they show how they run their business.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley