Sony has been slapped with a £250,000 fine after watchdogs found it had breached the Data Protection Act.

The Information Commissioner’s Office (ICO), which promotes openness by public bodies and data privacy for individuals, dished out the monetary penalty following a 2011 incident in which the Sony PlayStation Network Platform was hacked.

The incident compromised the personal information of millions of customers, including their names, addresses, email addresses, dates of birth and account passwords. Customers’ payment card details were also at risk.

An ICO investigation found that the attack could have been prevented if the software had been up-to-date, while technical developments also meant passwords were not secure.

A criminal attack

ICO’s Deputy Commissioner and director of data protection, David Smith, said there is no disguising the fact that Sony ‘should have known better’.

“If you are responsible for so many payment card details and login details, then keeping that personal data secure has to be your priority. In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough,” Smith said.

He went onto say that Sony had access to both the technical knowledge and the resources to keep the information safe and that the £250,000 fine, which must be paid by February 14, reflected the seriousness of the incident.

“Companies certainly need to get their act together, but we all need to be careful about who we disclose our personal information to,” Smith added.

Sony plans appeal

Sony Computer Entertainment Europe strongly disagrees with the ICO’s ruling and is planning an appeal.

Sony notes however, that the ICO recognises it was the victim of ‘a focused and determined criminal attack’, that ‘there is no evidence that encrypted payment card details were accessed’, and that ‘personal data is unlikely to have been used for fraudulent purposes’ following the attack on the PlayStation Network.

A spokesman from Sony said: “Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient.

“The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack.”

Following the breach, Sony has rebuilt its Network Platform to ensure that the personal information it processes is kept secure.

[Image via axiommagazine]