Sony Europe fined £250k over 2011 PSN outage breach

Thursday, 24th January 2013 08:44 GMT By Dave Cook

SCEE has been fined £250,000 by the UK Information Commissioners Office over the infamous 2011 PSN date breach that sparked a panic among the press and gamers for fear that credit card data and other sensitive information was at risk. A video statement has been issued by the ICO on the matter this morning.

UPDATE: Sony has announced it will appeal against the fine and has issued a statement on the matter here.

Original Story: MCV reports that the PSN outage – which occurred in April 2011 – has been labelled by the ICO as “The most serious breach” it has ever had to deal with, according to the body’s deputy commissioner David Smith.

Smith added that the ICO would make no apology for the size of Sony’s fine, but added that since the outage Sony has stepped up its security in order to safeguard customer data.

Here is the ICO video statement in full:

We rounded up the entire saga of events in this report, covering all parties who spoke out on the incident, such as Lulzsec, Geohot, Anonymous and more.

What do you think of the penalty? Is it a fair amount, or is it unreasonable? Let us know below.



  1. stevenhiggster

    I’m in two minds about this. On one hand, their security clearly wasn’t up to the job so yes they deserve some form of comeuppance. But who the fuck are the ICO to decide, and unless they plan to give that £250k to charity then I think it was just a case of “yipee, a big company fucked up, lets get all our Christmas bonuses sorted!”
    Basically I think they should have had some punishment but I think a £250k fine is both excessive and utterly pointless.

    #1 2 years ago
  2. Deacon

    Considering no-one was really affected, this seems fair. I guess.
    Is there anything comparable?

    Not going to get into it all again, but considering that any network anywhere on the planet ‘could’ be hacked, this does sort of seem like a bit of a pointless wrist-slapping.

    I agree with #1. Excessive and pointless sounds about right.

    #2 2 years ago
  3. Dragon246

    Can we get some more free games? :D

    #3 2 years ago
  4. RandomTiger

    I’d disagree with both of you, in the long run companies wont take security seriously unless there are fines and penalties in place. Sony and many many more were happily collecting as much info about us as they could and failing to implement the most basic security features properly.

    It would be interesting to know what they do with the money, I imagine some of it will cover the investigation into how bad the Sony breach was which otherwise would need to be paid by taxpayers.

    Sony should pay up, move on and focus on the future.

    #4 2 years ago
  5. RandomTiger

    I suppose looking at it from Sony’s point of view if every country issues a fine like that it could get a bit costly.

    #5 2 years ago
  6. Deacon

    @4 – So any company targeted by hackers should now have the additional burden of paying huge fees – in addition to the damage to their reputation and image?

    Moving forward I don’t think anyone is taking security for granted. And even then, if a group of people are dedicated enough, I dare say they could still have their network breached.

    Fine’s aren’t the answer. Where will this £250,00 even go? Some fat profiteering cunt’s pocket?

    I’m not saying there shouldn’t be some comeuppance, but just throwing money at it isn’t going to help either.

    The damage to their image cost them far more than a mere £250,000 I reckon. That’s fucking peanuts in the grand scheme. Hardly a deterrent for others, right? – especially considering the length of the downtime and disruption.

    #6 2 years ago
  7. Kaufer

    I think the fine is unjustified given that sony was the victim of the hack and there is no fullproof way of blocking it. Its not like sony deliberately put private information on a CD or USB and lose it as the UK government have been known to do.

    #7 2 years ago
  8. Deacon

    ^ this.

    I honestly don’t know, but did all the other hacking victims in recent years have to pony up for huge fines?
    Holding them to blame just seems a bit backward to me.
    “Despite the estimated $60 billion invested by corporations and governments in network security systems, hackers continue to circumvent them.”

    It’s inevitably going to happen. No-one is above it or safe from it. If it happened to the small business you work for and someone tried lumping a £25,000 fine on them, that may mean you no longer have a job and an income!

    Bugger that!

    #8 2 years ago
  9. Joe Musashi

    I’m not too fussed about the hows and whys. But I’d be interested to know what that 250k will be used for.

    If, say, its to finance a process/protocol that means the ICO perform regular reviews of security and provide worthwhile feedback to those they hold accountable – then ok. That’s a constructive use and makes steps to improve the situation for all (apart from hackers).


    #9 2 years ago
  10. Clupula

    Well, I guess this is the end for Sony, considering how many people here are convinced they’re almost bankrupt anyway. This money will be too much for them to handle and the PS4 will just be a big cardboard box with PS4 written in crayon on the side.

    #10 2 years ago
  11. Deacon

    Good point Joe. I’d also be very interested to know.

    First, let’s see if the ICO get their way…

    #11 2 years ago
  12. RandomTiger

    @6 No put as I understand it Sonys security was poor, it assumed that no one could ever hack into the system and made little effort to protect the data should it be breached. Do correct me if Im wrong there.

    Fines for this kind of thing shouldnt be offset just because the company has suffered a reputation hit. Sony were boasting soon after that activity was back to normal. Probably because they had the sense to throw out those free games. That and Journey got my credit card details back onto Sonys system.

    Fines should be proportional to the number of customers and seriousness of the breach. If you are a small company who cant survive being fined (even small amounts) then either dont keep peoples data, or contract a security firm to handle it for you, or make damn sure you have done everything reasonable in your power. If companys cant self regulate their data security then the goverment will have to step in with more red tape. No one wants that.

    Yes the goverenment is a total joke in the area of data security but that doesnt mean that state orginisations shouldnt be looking out for consumers.

    People aren’t taking security for granted after all these hacks no. But they likely will when things die down. Companys like Sony are under cash pressure and are always looking to cut costs. This will happen all over again, perhaps not with Sony but the hackers are no doubt looking forward to their next big session when they make everyone look like fools again. Lets hope they will still do it as a prank rather than to clear out your bank account.

    The good thing is at least Sony security is probably really good now, I bet MS boosted theirs too, they were very very quiet through that whole episode.

    #12 2 years ago

Comments are now closed on this article.