UK regulatory body says Sony "let everybody down" regarding the hack, but the platform holder intends to appeal the ruling.
Sony Computer Entertainment Europe has been fined £250,000 by the UK Information Commissioner's Office (ICO) for its part in the global 2011 PlayStation Network breach which forced the service offline for 24 days and compromised the personal information of millions of users. The PlayStation owner says it intends to fight the ruling.
The ICO, an independent UK regulatory office which looks to uphold information rights, said Sony had put the personal information of its customers at "unnecessary risk" and had "let everybody down" for failing to ensure such information could not be accessed during the much-publicised hack in April 2011.
"We make no apologies for the penalty in this case," said David Smith, ICO deputy information commissioner and director of data protection, in a public statement. "It's a big penalty, it's quarter of a million pounds, but this is probably the most serious breach that we've had reported to us."
The ICO investigation concluded the hack "could have been prevented if the software had been up-to-date."
"Security is first and foremost the responsibility of the business and Sony let everybody down here," added Smith.
In a statement issued to GameSpot, Sony said it plans to fight the ruling. "Sony Computer Entertainment Europe strongly disagrees with the ICO’s ruling and is planning an appeal."
"SCEE notes, however, that the ICO recognises Sony was the victim of 'a focused and determined criminal attack,' that 'there is no evidence that encrypted payment card details were accessed,' and that 'personal data is unlikely to have been used for fraudulent purposes' following the attack on the PlayStation Network."
"Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient. The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack."
During 2011's PlayStation Network outage there was much speculation about whether hackers had managed to obtain users' credit card information. After eight days of downtime, however, Sony said it was unlikely such details were obtained. "The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack," said Sony at the time.
Sony CEO Kaz Hirai was one of several high-ranking executives who personally apologised for the hack, and the company eventually offered its users a selection of free games as compensation for the downtime.
@AncientDozer Not these days. All that piggy bank cash is tied up in the business of not letting their badly run company go belly up!
"This fine is unfair! Yes we built a badly-designed easily hacked network that a high school kid could have designed to be more secure, that made it easy for someone to hack in and steal all your personal information, but you can't prove they did anything illegal with it so we should be in the clear!"
Way to miss the fucking point AGAIN Sony. Christ that arrogance is gonna the sink the company in the next 5 years.
I agree. Sony are to blame for it. and i think the fine should have been much higher. They got off easy. its the one reason i stopped playing PS3 and have an Xbox, because i do not want my identity stolen
We just don't like the Japanese take our sources of witches, faires and elves which allows them to make stories for their RPG games. I wish it was SquareEnix! That's why Nintendo doesn't want the Wii to be online 24/7. It's because of this!
Everything is hackable. Fining a company that has already gone to great lengths and great expenses to increase their security is not going to help anyone.
@TrueProphecy22 Actually, it will. It sets an example rather than just letting people off because they apologized. It doesn't work that way for people, it certainly shouldn't work that way for companies considering how much more responsibility they should have. If you do something stupid, you get fined and/or go to jail, you don't get to skip it because you're sorry. End of story. The only sad thing is £250k is pennies to Sony, should have hit them for 10 times that.
well, as long as we are reading headlines that say console maker gets large fine, and not hackers traced and given large fine, this will continue. Just to add to others comments, never ever put a debit card details into a console. They may look and act like credit cards but they are hardwired into your bank account and do not offer the same safeguards. Always use prepaid cards or face the concequences.
Does this explain why so many people are getting account ban messages from SCEE because my friend who is from New York got a ban notice from SCEE just because he logged into some friends hacked ps3. I feel sorry for my friend but I just find it odd that he received a ban message from SCEE instead of SCEA
i never.ever. gonna put a credit card on a console
even on XBL i don't want the company to know the digits
there is a lot of pre-paid ways to buy like maximuscards, or buying a pre-paid card in a store
it's more expansive sure,but it's 10000times safer
This is ONE of the reasons I don't mind paying $50 a year for XBL..
And keep in mind, I'm not trying to attack the ps3 or psn in this comment.
@FollowY0urBliss Just remember when a hacker wants to hack something, they hack something.
And fyi i know tons of people who have xbox live who have had their credit/debit info hacked off of xbox live.
Microsoft's answer?(and i am not joking) "It was your fault for giving us the information online"
Sony got away with a limp slap on the wrist and have said they'll appeal... maybe they'll get a proper fine at the appeal hearing.
@TTDog A proper fine for what? This is a office just trying to get some money off of Sony at this point. Otherwise it would of been done much closer to the time it happened.
And also Sony handled it well.And most of the information stolen, you could find in a dam phonebook or by searching someone's full name on google.
@WolfGrey Handled it well!!! Which part did you like the best? Where they denied it even happened for days or where they took even longer to actually let the users of those accounts what had happened?
This is a fine of less than half a penny per account... stupidly low considering they've been found to ba lax in their security... they got away with a light slap on the wrist at worst.
@WoodenStick Yeah you don't understand how network logging works at all do you.
@TTDog it's obvious that Sony has made efforts to build a even better security system for their customers, bc of the attack, but you're right in that Sony should have made it clear of what had happened.
Now if xbox360 could be hacked as stated previously and just waiting for it to happen, what do you think would happen? First thing one company doesn't want is panic.
What does panic cause on the internet? Massive net-traffic when the authorities are trying to track evidence of the hackers.
Increased net-traffic could jam network and thus prevent you from reaching the evidence.
I can't say I particularly approve of the fine.. because to be fair to Sony in the aftermath they seriously tried hard to please their customers. They new they were in the wrong and offered everyone free games as a sorry.
What annoys me more however is the fact the UK Information Commissioner's Office will be receiving £250k, not the people that were actually affected. Why should ICO reap the benefits here? I wouldn't want to see Sony lose anything personally but if money has to go somewhere it should go to the customers, not a branch of the government.
Your computer was hacked? Well, that wasn't very responsible of you, now was it? We'll have to take your money now, sorry.
I was wondering who had the authority to fine them other than the government. I guess the ICO works for them, go figure. Why now? Year and a half later. Oh and I am also wondering if anyone heard or themselves had anything bad happen as a result of the hack.
@sam628 Not really, just microsoft could care less about the rampact hacking and only bans the worst cases , most goes unpunished.
Yep and for all the Sony fanboys defending Sony and claiming the software was up to date here it is Sony being fined for out of date software. Fanboys need to learn not to stick their nose up corporate ***es.
@ArabrockermanX or anyone else for that matter. I don't think that is a healthy habit to have
And people like you choose to think what you just said is the main reason for the successful hacking. The truth is, anything can be hacked. You really think Xbox Live couldn't be hacked? MS was just lucky that they didn't piss off any hackers the way Sony did, by removing the 3rd party OS feature.
To be fair Microsoft and the 360 are hacked all the dam time.They just don't go public with it. In fact they often blame you instead and ban your account.Had a friend who had to wait two months for his account to be recovered.
And as for Sony, as said, if someone wants to hack, they are going to do it.
I'm disappointed that the fees are so low. Yes, nothing is hack proof. But Sony knew the risks. They were negligent in protecting our data using outdated software with vulnerabilities they knew about, plus they failed to tell us that our data was at risk after the breach that they made the despicable choice of covering up at first, so now they're paying the price.
If you went and hired someone to paint your home while you're away, they ended up breaking a window due to negligence, but then failed to tell you about it for as long as Sony did with our data, during which all kinds of bad things could happen, would you not hold them responsible?
No offense mate but the "info" that their software was outdated came from a guy on a forum that a techie put on his article as proof.
And Sony shutdown at the first true occurance and got to work trying to solve it.
Sure i am PC gamer first but i prefer information that is actually supported, don't you?
They should have had better security, but it's impossible to have everything completely hack proof. Anon has even managed to hack the Pentagon.
@hemoleech They fired their internet security shortly before the hack. Maybe they thought Norton 360 was good enough.
Nothing more than a P.R. move by the UK regulatory board. That fine is nothing more than a slap on the wrist.
Gotta love all the bashing on sony here. Especially the people who are saying "well you shouldn't use your credit card." And yet Steam, Blizzard, Origin, and Nintendo get a pass after they got hacked too.
@Albelnox0 But personal information was never at risk with all of those hacks... Also Nintendo's home page(useless information) got hacked not the gaming network where transactions take place...
Sony here got hacked because they used crap software and fired staff...
@ArabrockermanX @Albelnox0 So with steam, riot games, nintendo, battle.net getting hacked anyways, according to you THEY have good firewalls and "software.?" better then sony. You're telling me even though these companies got hacked and stole information from these companies that Sony lacks security. That makes no sense they got hacked it doesn't matter how much security you have, if someones going to hack they are going to hack you can't stop em. Any anti hack software and firewall is nothing to a hacker if they want to hack you they are going to hack you and dedicate their time to hacking you. That's pretty dumb to say and hypocritical.. And Actually peoples credit info was stolen through the steam hack, origin, League,and blizzard too. Look it up. Steam, blizzard, riot, and Ea never gave anything back. Yet Sony did and for some reason they get the shot all the time for it. Doesn't matter the point is your information is not safe anywhere, if someone wants to hack there are going to hack. You're not going to stop them no matter how good protection . How about instead of blaming companies, you get recognition out there for hackers to get caught and arrested for stealing personal information instead of giving them a free pass. You wan the real culprit, it's the hackers, or else they're gonna keep doing it.
@Albelnox0 I lost $400 due to Sony not using any encryption on their SOE servers. Sony just didn't care about protecting their customers.
Content you might like…
Users who looked at this article also looked at these content items.
Avalanche Studios co-founder says developer's ambition is for action, not moments that make players cry; steampunk-style game on hold. Full Story
- Posted May 15, 2013 11:33 pm AEST
4A Games creative director Andrew Prokhorov thanks Jason Rubin for telling the studio's story, but says, "We deserve the ratings we get." Full Story
- Posted May 17, 2013 5:44 am AEST