Data Protection Watchdog Hits Sony With £250,000 Fine

The 2011 PlayStation Network hack just cost Sony a bundle.

The 2011 hack that saw users' personal data stolen wholesale just cost Sony £250,000 ($390,000). The fine, imposed by the UK's data protection watchdog, the Information Commissioner's Office, means that it thinks Sony could have done a lot more to protect users.

"There's no disguising that this is a business that should have known better," said the ICO's director of data protection, David Smith. "It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe."

Smith went on to say that the case was one of the most serious the ICO had ever dealt with. It affected "a huge number" - Smith wasn't prepared to say how many - of consumers, putting them at risk of identity theft. The ICO concluded that, if Sony's security protocols had been up to date and it had handled passwords securely, the hack could have been prevented.

Sony, as you might expect, disagrees strongly with the ICO's assessment, and plans to appeal. It pointed out that even the ICO hasn't been able to prove that the stolen data was used for fraudulent purposes, and claimed that there was no evidence that encrypted credit card details had been used by the hackers.

Back in 2011, Sony boss Sir Howard Stringer had hoped the whole mess was over and done with. "We at Sony have been flooded, we've been flattened, we've been hacked, we've been singed," Stringer said, "But the summer of our discontent is behind us." Apparently that wasn't quite so, and - if the UK has its way - an additional bill may yet be due.

Source: Guardian

Am I the only one that thought that this news article was about the video game watchdogs? Whatever happened to that anyway?

Doesn't Sony deal in billions? Not hundreds of thousands? Because honestly I don't think that's a big deal to them

erttheking:
Am I the only one that thought that this news article was about the video game watchdogs? Whatever happened to that anyway?

The "rumours about the new XBOX" newspost the other day mentioned a tech demo on the PC.

OT: Why only the UK? Were we the only ones who got hacked? That seems unlikely...

I think it is HILARIOUS that they are getting fined for the GROSS level of negligence they showed here. There had been more than a few people working for them and outside sources that said they were not taking security seriously. If people trust you and you abuse that trust then you should have to pay the piper.

Edit: I know it is a drop in the bucket to them for money, it is more about the other problems a fine like this causes. It raises the bar for future fines and sanctions, plus it puts them into the watched list.

Hell this isn't even a slap on the wrist at that price. So much for consumer protection.

I am just curious as to why it took them almost 2 years to come up with this fine, what was stopping them from doing this earlier?

2 years to deliver a fine that is pretty much nothing to them? Not quite sure people can say justice has been served here!

Karloff:

Sony, as you might expect, disagrees strongly with the ICO's assessment, and plans to appeal. It pointed out that even the ICO hasn't been able to prove that the stolen data was used for fraudulent purposes, and claimed that there was no evidence that encrypted credit card details had been used by the hackers.

Is it just me or is he kinda missing the point.

-Dragmire-:

Karloff:

Sony, as you might expect, disagrees strongly with the ICO's assessment, and plans to appeal. It pointed out that even the ICO hasn't been able to prove that the stolen data was used for fraudulent purposes, and claimed that there was no evidence that encrypted credit card details had been used by the hackers.

Is it just me or is he kinda missing the point.

Sony's mind-set seems to be "Yeah we let people steal your stuff, but you can't prove they did anything with it so we did nothing wrong." Maybe next time don't keep credit card info in .txt files. Also, I know someone personally who started getting weird credit card charges shortly after the PSN hack. Could just be a coincidence, but I find it unlikely.

And if Sony really felt they weren't responsible and no harm was done, they wouldn't have changed their TOS to block class-action participation less than a week later.

Sylveria:

-Dragmire-:

Karloff:

Sony, as you might expect, disagrees strongly with the ICO's assessment, and plans to appeal. It pointed out that even the ICO hasn't been able to prove that the stolen data was used for fraudulent purposes, and claimed that there was no evidence that encrypted credit card details had been used by the hackers.

Is it just me or is he kinda missing the point.

Sony's mind-set seems to be "Yeah we let people steal your stuff, but you can't prove they did anything with it so we did nothing wrong." Maybe next time don't keep credit card info in .txt files. Also, I know someone personally who started getting weird credit card charges shortly after the PSN hack. Could just be a coincidence, but I find it unlikely.

And if Sony really felt they weren't responsible and no harm was done, they wouldn't have changed their TOS to block class-action participation less than a week later.

The block class action lawsuit thing is something every company wanted to have in their agreement but no one wanted to be the first ones to write it in and face the rather bad PR resulting from people signing away one of the best ways for people to stand against a corporation. Once that precedent was set (I think by AT&T), many companies added that to their terms of service (even the external hard drive I bought recently has it!), Sony was just one of the first to jump on that (doesn't make them look any better though).

I completely agree with the ICO's ruling. Sony should have known better and while you can never truly eliminate the chances of being hacked, you can keep it to a minimum by reducing a hacker's motivation, eliminating any opportunities in the system and increasing security so their capabilities are squandered.

Karloff:

Sony, as you might expect, disagrees strongly with the ICO's assessment, and plans to appeal. It pointed out that even the ICO hasn't been able to prove that the stolen data was used for fraudulent purposes, and claimed that there was no evidence that encrypted credit card details had been used by the hackers.

Which is precisely why I will continue to agree with ICO. Nobody knows what happened to the information, there's no evidence it hasn't been hidden to be exploited at a later date and despite all that, sensitive information was taken and anything could have happened to it. They had a responsibility that REQUIRED competent security and it failed.

Jesus, why are we digging this old hole up again?

it took them 2 years to do this? really? were they sleeping? where the hell were these guys when I CARED about the Sony hack, and to top it off, they're demanding, what would be a $5 fine to a normal person. -.- bravo ICO, bravo

SkarKrow:
Doesn't Sony deal in billions? Not hundreds of thousands? Because honestly I don't think that's a big deal to them

Well, they do. I guess this fine means no one in the company will have lunch for 1 day.

This sounds like that fine they decided to put on a local supermarket here. they were selling plastic bowls that, when heated, would release poisonous gas. and heating wasn't needed to be high, 50C and you're good. warm food would do the trick. so they fined the company, and again, and again. they paid 3 fines, sold the bowls off at a "Discount" and in court that followed said that it's cheaper for them to pay the 3 fines AND court fines than to not sell them. so they sold them anyway.
and this is why we need fines to be based on % of companies' revenue.

SonicWaffle:

OT: Why only the UK? Were we the only ones who got hacked? That seems unlikely...

Because UK was the only one to be smart enough to realize the real situation?

Xannidel:
I am just curious as to why it took them almost 2 years to come up with this fine, what was stopping them from doing this earlier?

bureaucracy is enormous in modern world. As a person who works for government I can say sometimes you wait for over a month to get a copy of some document....

sony's argument seems to be that something to the effect that even though somebody stole your stuff, the fact that they haven't done anything with it makes the rest of the case somehow less valid

i think they're running out of material

Strazdas:

SkarKrow:
Doesn't Sony deal in billions? Not hundreds of thousands? Because honestly I don't think that's a big deal to them

Well, they do. I guess this fine means no one in the company will have lunch for 1 day.

This sounds like that fine they decided to put on a local supermarket here. they were selling plastic bowls that, when heated, would release poisonous gas. and heating wasn't needed to be high, 50C and you're good. warm food would do the trick. so they fined the company, and again, and again. they paid 3 fines, sold the bowls off at a "Discount" and in court that followed said that it's cheaper for them to pay the 3 fines AND court fines than to not sell them. so they sold them anyway.
and this is why we need fines to be based on % of companies' revenue.

SonicWaffle:

OT: Why only the UK? Were we the only ones who got hacked? That seems unlikely...

Because UK was the only one to be smart enough to realize the real situation?

Xannidel:
I am just curious as to why it took them almost 2 years to come up with this fine, what was stopping them from doing this earlier?

bureaucracy is enormous in modern world. As a person who works for government I can say sometimes you wait for over a month to get a copy of some document....

Yeah I don't think here you could get away with selling poisonous food containers like that, people would end up in prison and the fines would be of the bankrupting variety.
It's pretty shameful to fine them so little though considering they could well have cost the economy more than that in terms of the games and stuff that got delayed because of it, which also will have caused a fair loss in tax revenue.

The UK wasn't the only ones that got hacked, but we have very strict data protection laws here, though most companies will play on your ignorance of them, much like the laws around working hours and minimum wage.

 
