January 24, 2013
Sony Europe Fined $375K Over 2011 Data Breach
Michael Harper for redOrbit.com — Your Universe Online
In April of 2011, hackers broke into Sony's PlayStation Network, bringing the service to its knees and exposing the personal information of millions of customers. More than a year and a half later, the Information Commissioner's Office (ICO), a British watchdog group, has fined Sony Computer Entertainment Europe Limited £250,000, more than $395,000 USD, in response to this breach. According to the ICO, these data leaks were a serious violation of the Data Protection Act.
The ICO launched an investigation into these leaks and found that updated software on Sony's networks could have prevented the breach. Furthermore, the ICO claims Sony hadn't been using strong enough passwords to secure its customers' data.
“If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority,” explained David Smith, deputy commissioner and director of data protection for the ICO in a statement to the press.
“In this case that just didn't happen, and when the database was targeted — albeit in a determined criminal attack — the security measures in place were simply not good enough.”
Smith went on to say that Sony's supposed “technical expertise” should have prevented the breach, adding that the company already knew what could have been done to protect its customers.
According to the Guardian, the ICO launched its investigation immediately following the breach in 2011, calling it “one of the most serious” cases that had ever been reported to it. As a result of this breach, the ICO has said “millions” of Sony's PlayStation Network customers were placed in jeopardy. Account passwords, credit card numbers, dates of birth and names were all leaked as a result of the breach. Sony didn't escape the breach unscathed, however. Sony's stock prices fell in the days following the breach as investors wondered if such a catastrophe could one day happen again. The penalty is a stiff one, the third largest ever issued by the ICO.
“The penalty we've issued today is clearly substantial, but we make no apologies for that,” continued Smith in the press statement.
“If there's any bright side to this it's that a PR Week poll shortly after the breach found the case had left 77 percent of consumers more cautious about giving their personal details to other websites. Companies certainly need to get their act together but we all need to be careful about who we disclose our personal information to.”
At the end of the ICO's statement, Smith mentions that Sony has already improved its networks, offering a more secure platform and better processes to keep its customers secure. Yet, even though the ICO has acknowledged that things have improved on Sony's network, it still saw fit to issue this fine.
Following the breach, another data watchdog group from Australia also decided to investigate the security of Sony's platform. According to Australian Privacy Commissioner Timothy Pilgrim, SCE Australia hadn't violated their privacy act.
“I found no evidence that Sony intentionally disclosed any personal information to a third party. Rather, its Network Platform was hacked into,” wrote Pilgrim in a statement published by ZDNet, further noting that Sony had taken steps to protect the information of their customers.