Sony Drops Appeal of PSN Hack Penalty


Sony has dropped its appeal of a £250,000 fine over the 2011 PlayStation Network security breach, saying that continuing the fight would require it to expose "sensitive security data."

The PlayStation Network suffered a rather catastrophic security breach back in 2011, as you may recall, which landed it in all sorts of hot water. Among those miffed by Sony's failure to maintain the security of its users' personal information is the Information Commissioner's Office in the U.K., which slapped the company with a fine of £250,000 ($377,000) in January.

Sony appealed the fine, naturally, but has now decided to drop the matter, saying that while it still disagrees with the outcome, it cannot continue to challenge the decision without revealing confidential PSN security information. "This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding," a Sony rep said. "We continue to disagree with the decision on the merits."

When it handed out the fine, the Information Commissioner's Office acknowledged that Sony had been targeted by a "determined criminal attack" but nonetheless declared that "the security measures in place were simply not good enough," adding, "If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority." Following Sony's decision, the ICO said in a statement that it "welcomed" the outcome.

Sources: BBC, V3


I doubt they even had a security system at the time.

"This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding"

Notice how they say they have a commitment to protecting the network security but say nothing about user information. Methinks they are possibly trying to cover up that they had shitty systems in place at the time and an appeal would highlight that (again), which could lead to more trouble. Quit while you're behind, and all that. [/tinfoilhat]

We haven't forgotten, Sony.

I bet any braindead script kiddie with the most basic of tools can gain surface access to Sony's servers, much less break into them entirely and make off with all the credit card information.

By the way, Sony is a Japanese company. I would expect more discipline from those guys.

Yeah, I'm sure fining them a massive sum of money will help them fund improvements to their security.

Pretty sure this was just a cash grab, abusing legal procedures.

I don't blame Sony at all. Pretty sure almost anything can be hacked if someone is determined enough.

Hell, plenty of legit websites have malicious code in their ads. Doesn't mean the company is incapable of protecting their shit. Yes I realize infected ads are very different from the subject matter, but it's a point that stands. Nothing is 100% safe and people are of course always very accusatory and upset when they get scared.

As unpopular as it is to defend them, IT security isn't always as easy as it seems. Not to mention when it comes to safeguarding client information there are numerous legal acts that outline how the information will be protected/handled. In this case it'd fall under the PCI DSS law; which affects banks, retailers, and anyone else who handles credit card information. They're a technology company, they need security not only for their clients but for their own internal devices. Keep in mind that anything can be broken into, given enough time and effort; this goes for all forms of security. It doesn't help that the bigger an organization is, the more likely it is they'll receive random/targeted attacks on top of having more enemies. Keep in mind that as a technology company they have customers to cater to, any competent company knows that bad press is hard to recover from. Assuming their security is lax is insulting, but of course I'm writing this on The Escapist. Lotta good that'll do.

michael87cn:
Yeah, I'm sure fining them a massive sum of money will help them fund improvements to their security.

Pretty sure this was just a cash grab, abusing legal procedures.

I don't blame Sony at all. Pretty sure almost anything can be hacked if someone is determined enough.

Hell, plenty of legit websites have malicious code in their ads. Doesn't mean the company is incapable of protecting their shit. Yes I realize infected ads are very different from the subject matter, but it's a point that stands. Nothing is 100% safe and people are of course always very accusatory and upset when they get scared.

Why is it anyone but Sony's responsibility to pay for their security? They don't need help paying for their operations.

The fact you claim this is a cash grab and that you don't blame Sony implies you didn't actually read into the decision (You can read a version modified for public release here). Their security system at the time of the leak was outdated, leaving a vulnerability that was exploited to access the network, a vulnerability that could have been fixed had Sony done it. As such, their slowness in fixing a known exploit led to millions of people having their private information accessed and taken. Because of this, they were found in breach of the UK's Data Protection Act of 1998, which is punishable by a fine, and the extent of the breach, in the orders of millions of people, as well as the severity of the type of information stolen (payment details which could feasibly be used for card fraud), led to a substantial fine.

This was a massive leak of information from a multinational technology company which should have been completely capable of protecting said information better than they did. Sensitive information which could have severely affected millions of people's lives. In what way should this not be punished?
