Digital Transformation

Sony handed huge fine by ICO after 2011 hacking

A fine of £250,000 has been imposed on Sony for security breaches.

A failure by Sony Computer Entertainment to implement proper data protection measures has resulted in the company receiving a huge fine from the Information Commissioner’s Office (ICO).

The incident in question occurred in April 2011, when computer hackers exploited a vulnerability in the technology giant’s infrastructure and gained access to the PlayStation network.

There, they managed to find and leak details including users’ passwords, credit card details, email addresses and birth dates, something that could have left millions of people vulnerable to identity theft.

An investigation was launched by the ICO straight away and it decided this week to impose the maximum available penalty for a private company on Sony for its security breach.

It means the company must pay £250,000 – only two other organisations have ever been fined more and they were both local authorities.

David Smith from the ICO said the situation was one of the most serious it has ever handled and insisted that it need never have happened if Sony had kept its software up to date and handled passwords more securely.

"This is a business that should have known better. It is a company that trades on its technical expertise," he pointed out, adding: "There’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe."

Sony has completely altered its security systems since then and it denied the security breach was as serious as the ICO claims.

"[The] personal data is unlikely to have been used for fraudulent purposes," it said, adding that there is no evidence to suggest credit card details were accessed and used.

It comes after KPMG’s Data Loss Barometer showed that the number of incidents in which companies have had their important data hacked has rocketed in the past two years as criminals develop more sophisticated techniques.