Sony has thrown in the towel on its appeal of a £250,000 fine ($377,500) imposed after its PlayStation Network was hacked in April 2011.
The UK Information Commissioner’s Office (ICO) imposed the fine in January after an investigation showed that the attack could have been prevented if Sony’s software had been up to date.
On top of that, the ICO, finding that technical developments led to passwords not being secure, also charged Sony with negligence for failing to protect PlayStation Network (PSN) users.
The breach was huge.
An apologetic Sony admitted within a few weeks that it was contacting users about 77 million possibly affected accounts.
Breached personal information of those millions of customers included names, addresses, email addresses, dates of birth and account passwords.
It was feared at the time that payment card details were also compromised.
Sony said that the credit card data was, in fact, encrypted, but the strength of the encryption was a question mark it didn’t address.
According to the BBC, Sony said on Monday that it still disagrees with the verdict but that keeping up the fight would risk exposing sensitive security data.
What does that mean? One could conjecture that were Sony to keep fighting the fine, it might have had to let the light shine in on the strength of the encryption that it claims was protecting its credit card data, but at this point, only Sony knows what sensitive security data it’s talking about.
This is what a Sony spokesman told the BBC:
"This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding.
"We continue to disagree with the decision on the merits."
Sony can continue to disagree for as long as it likes, but let’s just hope that the company means what it says when it claims to be continually working to make its networks “safe, secure and resilient” from attacks.
As it is, gaming companies have become a favorite toy for hackers to bat around for fun and profit.
Some recent companies that have fallen prey:
- In early July, hackers attacked Ubisoft’s account database, getting at user names, email addresses and encrypted passwords.
- Konami has revealed that from 13 June to 7 July, it spotted 35,000 successful logins after hackers hit it with 4 million attempts. Names, addresses, dates of birth, telephone numbers, and email addresses may have been exposed.
Password changes were necessitated by all of these incidents.
And even if credit card data was properly encrypted at Sony or wasn’t breached during the more recent attacks, these breaches are, nonetheless, still potentially dangerous.
Exposure of personal information can lead to criminals breaking into users’ other accounts (which is why you should always use unique passwords), as well as phishing scams or malware attacks that can be all the more convincing given that scammers know your email and snail mail addresses.
The stakes are high, and the criminal element obviously finds online gaming particularly appealing.
Be careful, gamers – it’s a jungle out there.