UK Government Makes Sony Pay For 2011 Hacking

By January 25, 2013

HEY, KIDS! Remember back in 2011 when Sony PlayStation Network and Qriocity (pronounced “curiosity”) were hacked, leaving 77 million accounts compromised in a HUGE way (causing PlayStation Network to be shut down for a month), in what is still known as one of the “largest data security breaches in history”?

So does the United Kingdom.

In a ruling handed down yesterday by the Information Commissioner’s Office, Sony Computer Entertainment Europe found themselves slapped with a fine totalling £250,000 ($395,000 US) for a “serious breach of the Data Protection Act.” The ICO determined the attack “could have been prevented if the software had been up-to-date” and said “technical developments also meant passwords were not secure.”

In a statement, ICO deputy commissioner and director of data protection David Smith said:

“If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn’t happen. When the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.

There’s no disguising that this is a business that should have known better. It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.

The penalty we’ve issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft.”

Of course, SCEE “strongly disagreed” with the ICO ruling and plans to appeal, claiming that they were the victims of “a focused and determined criminal attack,” that there is no evidence encrypted payment card details were accessed and that “personal data is unlikely to have been used for fraudulent purposes,” adding that “criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient. The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack.”

To quote Jules Winnfield in Pulp Fiction, “Well, allow me to retort.”

Gaming journalists (yours included) caught on about 48 hrs into the hacking, yet Sony waited a FULL WEEK to finally pony up and admit “what up”. As someone who had to order NEW CREDIT CARDS because the PSN account I had opened 2 years earlier JUST to review a damn Hannah Montana PSP/game bundle (and hadn’t used for about a year BEFORE the hacking) had “‘possibly been compromised’ and someone ‘possibly’ had my name, address, date of birth, password and ‘POSSIBLY’ my credit card info” via email FOUR DAYS AFTER running a story two days into the attack, I say “GOOD”.

And before you PlayStation loyalists even ask, yes, Xbox LIVE went down for 11 days back in 2007…BUT that was due to a server overload of Call of Duty 4 players, so your argument is invalid.

They got off light as far as I’m concerned but I can see why Sony is nervous, as this could set a dangerous precedent down the line. But again, if they had been honest about it in the FIRST PLACE, people would’ve (“possibly”) been more understanding.

Team Xbox, says me.

Cricket Lee
Star Wars fangirl. Named Best Kisser by Time Magazine. CEO/Host: Girl Gamer; host of Gecken: GeekNation; writer: Dread Central. You'll have a crush on me soon. Vote Quimby. Twitter: @crixlee