PlayStation Network breach earns max cash fine from ICO (2 years late)

Chris Burns - Jan 24, 2013, 10:10am CST

This week the folks at the UK-based Information Commissioner’s Office have made it clear that PlayStation’s privacy blunder, up for charge here in 2013, is “one of the most serious” matters in history that they’ve dealt with under the Data Protection Act. The actual offense being fined occurred back in 2011, when Sony had a security breach and millions of gamers’ information sets were leaked online by hackers. The fine being issued is no more than £250,000, this being the maximum the ICO is able to levy against a private company.

Back when the PlayStation Network was cracked, it was no joke – millions of users were exposed to the wild with their names, email addresses, passwords, physical addresses, and dates of birth out in the open for the internet to see. Interestingly enough, it appears that the ICO has found that once the vulnerability that ultimately led to the hack was made known to Sony, they “failed to address it.” This was back on the 19th of April, 2011, while the most massive wave hit the network in May.

The attack was, according to the ICO, a “focused and determined criminal attack” that to this day has not seen a single entity solidly caught and prosecuted (on the hacker end of the equation, anyway). Though several supposed Anonymous hackers claimed responsibility after the attack occurred, the larger bulk of the Anonymous collective denied responsibility. This is not the first (and certainly won’t be the last) time hackers of all brands have claimed to be part of the collective known as Anonymous while higher-ups deny responsibility for their wild and unassociated underlings.


Sony has responded to the ICO’s fine this week with a note that they “strongly disagreed” with the ruling. Mentioning the fact that the ICO found that “personal data [was] unlikely to have been used for fraudulent purposes” across the board, Sony hopes to avoid any fine – and more importantly, any official admission of wrongdoing on their part.

“Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defense and working to make our networks safe, secure and resilient. The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack.” – Sony

Sound reasonable to you? How about those of you that were affected by the leak/attack back in 2011, do you feel Sony has made a big enough effort to repair itself?

[via The Guardian]
