Sony fined over 'preventable' PlayStation data hack

Simon Entwistle, Information Commissioner's Office, told the BBC that Sony "could have done more"

Related Stories

Sony Computer Entertainment Europe has been fined £250,000 ($396,100) following a "serious breach" of the Data Protection Act.

UK authorities said a hack in April 2011 "could have been prevented".

The Information Commissioner's Office (ICO) criticised the entertainment giant for not having up-to-date security software.

Sony told the BBC it "strongly disagreed" with the ruling and planned to appeal.

"Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient," a spokesman for the firm added.

The company had previously apologised for the hack which saw its PlayStation Network knocked offline for several days. In May 2011 company executives bowed in public and offered users free games to show their remorse.

'Not good enough'

The ICO's report said technical developments had led to user passwords not being secure - leaving data such as names, addresses, dates of birth and payment card information at risk.

Sony executive vice president and Sony Computer Entertainment president Kazuo Hirai Sony executives made a public apology for the Playstation hack in May 2011

"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," said David Smith, deputy commissioner and director of data protection at the ICO.

"In this case that just didn't happen, and when the database was targeted - albeit in a determined criminal attack - the security measures in place were simply not good enough."

Since the hack, which angered gamers who wanted to play over 2011's Easter weekend, Sony has said it has rebuilt the PlayStation Network system to be more secure.

But the ICO said the fine reflected the severity of the security lapse, adding that it was among the most serious it had ever seen.

"There's no disguising that this is a business that should have known better," Mr Smith added.

"It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe."

One positive from the hack, Mr Smith said, was that polls conducted after the breach suggested a greater awareness of the risks in handing over personal data.

More on This Story

Related Stories

More Technology stories



  • The OfficeIn pictures

    Fifty landmark shows from 50 years of BBC Two

  • French luxury Tea House, Mariage Freres display of tea pots Tea for tu

    France falls back in love with tea - but don't expect a British cuppa

  • Worcestershire flagFlying the flag

    Preserving the identities of England's counties

  • Female model's bottom in leopard skin trousers as she walks up the catwalkBum deal

    Why budget buttock ops can be bad for your health

  • Two women in  JohanesburgYour pictures

    Readers' photos on the theme of South Africa

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.