Tag Archives: David Smith

ICO Hit Sony With £250,000 Fine After Data Breach

The Information Commissioner’s Office (ICO) have hit Sony Computer Entertainment Europe Limited with a hefty £250,000 fine after completing their investigation into the data breach that occurred in 2011.

The incident occurred in 2011 when the PlayStation Network (PSN) was infiltrated by hackers. As a result of the breach, Sony confirmed that the hackers could have gathered personal information belonging to as many as 77 million people worldwide. It is thought that the personal information stolen included names, dates of birth, addresses and even credit card details. However, soon after the initial breach was publicised, Sony released a statement claiming that all financial data and details were encrypted.

After the ICO investigation was completed, they came to the conclusion that the security defences that Sony had in place were quite simply not up to the task of protecting the type of data that they had stored.

Deputy Commissioner of the ICO, David Smith, claimed, “If you are responsible for so many payment card details and log-in details, then keeping that personal data secure has to be your priority. In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.”

Sony Computer Entertainment Europe Limited have already expressed their disappointment with the findings and conclusion of the investigation and are planning to appeal the fine.

In a statement, Sony stated, “Sony Computer Entertainment Europe strongly disagrees with the ICO’s ruling and is planning an appeal. SCEE notes, however, that the ICO recognises Sony was the victim of ‘a focused and determined criminal attack,’ that ‘there is no evidence that encrypted payment card details were accessed,’ and that ‘personal data is unlikely to have been used for fraudulent purposes’ following the attack on the PlayStation Network.”

Sony also added, “Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient. The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack.”

Sony will only have to pay £200,000 if they pay the fine by the 13th February as part of an early payment discount.

As the techniques of hackers are becoming more sophisticated and complex, the importance of having adequate data protection methods in place is becoming more vital as each day passes. To further enhance your protection, a secure and robust data backup solution should be in place to ensure that any deleted or tampered data can be recovered, helping to reduce the overall impact if your systems were successfully hacked.

Greater Manchester Police Hit with Fine after Data Loss

The Information Commissioner’s Office (ICO) has hit Greater Manchester Police with a £150,000 fine after a data loss incident. This fine was later reduced to £120,000 after the ICO granted them a twenty per cent discount for early payment.

Data belonging to over 1,000 people with links to serious crime investigations had been saved on a memory stick and was taken home by a detective.  In July 2011, the detective’s home was broken into and his wallet which contained the memory stick and his car keys were stolen.

During the ICO’s investigation into the incident, it was revealed that Greater Manchester Police hadn’t acquitted themselves very well at all as data protection procedures were nowhere near the required level.

The data on the memory stick was unencrypted and wasn’t even password protected. As no security measures were in place, the data on the memory stick could easily fall into the wrong hands and be readily accessible.

The ICO investigation team concluded that Greater Manchester Police staff hadn’t been significantly trained in data protection, despite a similar data loss incident that occurred in 2010. Surely the incident in 2010 should have resulted in more stringent measures being put in place and enforced, but obviously this wasn’t the case, and confidential data has been put at unnecessary risk.

David Smith, who is the ICO Director of Data Protection, stated, “This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine. It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action. This is a substantial monetary penalty, reflecting the significant failings the force demonstrated. We hope it will discourage others from making the same data protection mistakes.”

Assistant chief constable Lynne Potts later claimed, “This was very much an isolated incident. We take all matters relating to the storage of data extremely seriously and have stringent measures in place to ensure the safe storage of data.”

With the ICO now issuing such fines, it does make you wonder why data is still being put at unnecessary risk. There are a number of basic security measures that can be employed, such as encrypting the data, which can help to reduce the impact if devices such as memory sticks are lost or stolen.
