Sony Fined £250K for 2011 Hack, Weak Security Core Complaint


In 2011, Sony’s PlayStation Network was hacked and compromised 77 million accounts exposing customer names, addresses, dates of birth, passwords as well as payment details.

The breach wasn’t quickly identified and it took longer for Sony to inform customers of the breach because it wasn’t until it noticed that payment details were compromised that the company informed its customers.

Sony offered financial compensation to those who suffered monetary loss due to the breach while others just waited for the outage to be over and get back to gaming.

A year later, it was discovered that aside from customers’ information being hacked, about 50,000 music files were also compromised.  Most of the music files said to have been from the late King of Pop Michael Jackson.

The hack happened almost two years ago, it seems everyone has moved on, forgotten what happened, thinking that Sony already learned its lesson and fortified its security, but not everyone has locked the incident in the past.

“The wheels of civil justice turn slowly,” says Kyt Dotson, HackANGLE editor. “The case of Sony getting hacked was a hot item at the time–especially for those 77 million users–and it’s lead to a lot of questions about industry standards for keeping users safe. We continue to see mega-sized breaches year-in and year-out and regulation centering on increased cybersecurity may be as necessary as customers learning to better protect themselves.”

Fined for weak security

The Information Commissioner’s Office fined Sony £250,000 for the hack stating that it was in “serious breach of the Data Protection Act.”

“If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn’t happen,” said David Smith, deputy commissioner and director of data protection. “When the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.”

As for the penalty imposed on Sony, Smith stated that it was just, considering the fact that the company put people’s identities at risk for theft.

“The penalty we’ve issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft,” added Smith.

Although Smith pointed out that because of the breach, 77 percent of consumers are now more cautious about giving out their personal details on websites.