Sony fined over 'preventable' PlayStation data hack

Simon Entwistle, Information Commissioner's Office, told the BBC that Sony "could have done more"

Related Stories

Sony Computer Entertainment Europe has been fined £250,000 ($396,100) following a "serious breach" of the Data Protection Act.

UK authorities said a hack in April 2011 "could have been prevented".

The Information Commissioner's Office (ICO) criticised the entertainment giant for not having up-to-date security software.

Sony told the BBC it "strongly disagreed" with the ruling and planned to appeal.

"Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient," a spokesman for the firm added.

The company had previously apologised for the hack which saw its PlayStation Network knocked offline for several days. In May 2011 company executives bowed in public and offered users free games to show their remorse.

'Not good enough'

The ICO's report said technical developments had led to user passwords not being secure - leaving data such as names, addresses, dates of birth and payment card information at risk.

Sony executive vice president and Sony Computer Entertainment president Kazuo Hirai Sony executives made a public apology for the Playstation hack in May 2011

"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," said David Smith, deputy commissioner and director of data protection at the ICO.

"In this case that just didn't happen, and when the database was targeted - albeit in a determined criminal attack - the security measures in place were simply not good enough."

Since the hack, which angered gamers who wanted to play over 2011's Easter weekend, Sony has said it has rebuilt the PlayStation Network system to be more secure.

But the ICO said the fine reflected the severity of the security lapse, adding that it was among the most serious it had ever seen.

"There's no disguising that this is a business that should have known better," Mr Smith added.

"It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe."

One positive from the hack, Mr Smith said, was that polls conducted after the breach suggested a greater awareness of the risks in handing over personal data.

More on This Story

Related Stories

More Technology stories

RSS

Features & Analysis

BBC Future

(SPL)

The odd way robots see the world

What bots see is nothing like your vision Read more...

Programmes

  • David RudishaExtra Time Watch

    How Kenyan athlete David Rudisha hopes to improve his 800m world record

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.