Sony Europe has been fined £250,000 by the UK Information Commissioner’s Office (ICO) for the 2011 global PlayStation Network hack, which forced the server offline for 24 days and “compromised the personal information for millions of users”, Martin Gaston for Gamespot writes on Jan. 24.
Sony says it plans on appealing the ruling.
The ICO, meanwhile, which is an independent UK regulatory office which seeks to uphold information rights for individuals, says “Sony had put the personal information of its customers at ‘unnecessary risk’ and had ‘let everybody down’ for failing to ensure such information could not be accessed during the much-publicised hack in April 2011.”
"We make no apologies for the penalty in this case," said David Smith, ICO deputy information commissioner and director of data protection, in a public statement. "It's a big penalty, it's quarter of a million pounds, but this is probably the most serious breach that we've had reported to us."
The ICO goes on to say how the hack could have been prevented had security been up-to-date. "Security is first and foremost the responsibility of the business and Sony let everybody down here,” Smith says.
In a statement released to Gamespot, Sony says, “Sony Computer Entertainment Europe strongly disagrees with the ICO’s ruling and is planning an appeal." Their statement goes on to say that they—the SCEE—recognizes that there was “a focused and determined criminal attack”, but that there was no “encrypted payment card details” or “personal data” was used for “fraudulent purposes”.
“Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems,“ the statement concludes.
During the 2011 hack, some began to suspect that hackers were stealing PSN users’ personal information, including credit card information. Sony said it was unlikely: “The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”
Sony CEO Kaz Hirai personally apologized for the attack, and for compensation offered several free games to users for both the downtime and the possibility of threat to their personal information and accounts.
For more information, as well as the full statement from Sony released to Gamespot, check out Martin Gaston’s article here.