The Information Commissioner’s Office (ICO) have hit Sony Computer Entertainment Europe Limited with a hefty £250,000 fine after completing their investigation into the data breach that occurred in 2011.
The incident occurred in 2011 when the PlayStation Network (PSN) was infiltrated by hackers. As a result of the breach, Sony confirmed that the hackers could have gathered personal information belonging to as many as 77 million people worldwide. It is thought that the personal information stolen included names, dates of birth, addresses and even credit card details. However, soon after the initial breach was publicised, Sony released a statement claiming that all financial data and details were encrypted.
After the ICO investigation was completed, they came to the conclusion that the security defences that Sony had in place were quite simply not up to the task of protecting the type of data that they had stored.
Deputy Commissioner of the ICO, David Smith, claimed, “If you are responsible for so many payment card details and log-in details, then keeping that personal data secure has to be your priority. In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.”
Sony Computer Entertainment Europe Limited have already expressed their disappointment with the findings and conclusion of the investigation and are planning to appeal the fine.
In a statement, Sony stated, “Sony Computer Entertainment Europe strongly disagrees with the ICO’s ruling and is planning an appeal. SCEE notes, however, that the ICO recognises Sony was the victim of ‘a focused and determined criminal attack,’ that ‘there is no evidence that encrypted payment card details were accessed,’ and that ‘personal data is unlikely to have been used for fraudulent purposes’ following the attack on the PlayStation Network.”
Sony also added, “Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient. The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack.”
Sony will only have to pay £200,000 if they pay the fine by 13th February, as part of an early payment discount.
As the techniques of hackers are becoming more sophisticated and complex, the importance of having adequate data protection methods in place is becoming more vital as each day passes. To further enhance your protection, a secure and robust data backup solution should be in place to ensure that any deleted or tampered data can be recovered, helping to reduce the overall impact if your systems were successfully hacked.