The 2011 PlayStation Network hack just cost Sony a bundle.
The 2011 hack that saw users’ personal data stolen wholesale just cost Sony £250,000 ($390,000). The fine, imposed by the UK’s data protection watchdog, the Information Commissioner’s Office, means that it thinks Sony could have done a lot more to protect users.
“There’s no disguising that this is a business that should have known better,” said the ICO’s director of data protection, David Smith. “It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.”
Smith went on to say that the case was one of the most serious the ICO had ever dealt with. It affected “a huge number” – Smith wasn’t prepared to say how many – of consumers, putting them at risk of identity theft. The ICO concluded that, if Sony’s security protocols had been up to date and it had handled passwords securely, the hack could have been prevented.
Sony, as you might expect, disagrees strongly with the ICO’s assessment, and plans to appeal. It pointed out that even the ICO hasn’t been able to prove that the stolen data was used for fraudulent purposes, and claimed that there was no evidence that encrypted credit card details had been used by the hackers.
Back in 2011, Sony boss Sir Howard Stringer had hoped the whole mess was over and done with. “We at Sony have been flooded, we’ve been flattened, we’ve been hacked, we’ve been singed,” Stringer said, “But the summer of our discontent is behind us.” Apparently that wasn’t quite so, and – if the UK has its way – an additional bill may yet be due.