Sony Corporation (NYSE:SNE) has been fined 250,000 pounds ($396,100) by British regulators for its inability to prevent the loss of data due to a cyber attack on its PlayStation Network in 2011. The PlayStation Network stores millions of users' personal information, including names, addresses, birth dates and account passwords.
David Smith, deputy commissioner and director of data protection said “If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.”
On Thursday, Britain's Information Commissioner's Office (ICO) said protection measures at that time “were simply not good enough." As per the agency, if the security measures had been up to date, attack could have been prevented.
“The penalty we’ve issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft,” Smith added.
The cyber attack, in April 2011, risked the personal details of 70 million users of the PlayStation Network and Sony Corporation (NYSE:SNE)’s Qriocity streaming service. Apart from the personal information, credit card details were also at risk. Though, the company soon claimed after the attack that it had encrypted all financial data. The attack closed Sony's PSN for several weeks. In May, company officials publicly apologized for the hack, offering free games to all PSN users.
A spokesperson from Sony, in a statement to TNW, said the company will appeal against the decision. The statement from the company strongly disagrees with the ICO’s ruling. It says that the ICO accepts that Sony was the victim of “a focused and determined criminal attack,” that “there is no evidence that encrypted payment card details were accessed,” and that “personal data is unlikely to have been used for fraudulent purposes” following the cyber attack on the PlayStation Network.
The statement says “Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony Corporation (NYSE:SNE) continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient. The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack.”