Sections

Sony decides not to appeal £250,000 fine handed out over PlayStation hacks

Saturday, 13th July 2013 19:03 GMT By Stephany Nunneley

Sony has decided not to appeal the £250,000 fine it was handed by the Information Commissioner’s Office after the April 2011 PlayStation Network hack which caused 77 million accounts to be compromised.

ICO fined the firm back in January, after finding that the breach was “preventable” and that Sony, as a business, “should have known better” as the occurrence fell under the Data Protection Act.

Sony said it dropped the appeal “after careful consideration,” as part of its “commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding.”

Despite it’s decision not to appeal the fine, Sony said it continues to “disagree with the decision on the merits.”

Thanks: V3, CVG.

Breaking news

24 Comments

Sign in to post a comment.

  1. MCTJim

    Good, they should pay for what happened..sure disagree Sony…you got hacked and took over a week to actually say what happened…i say the fine should be more. That will teach them not to LIE to the consumer about the information that was released onto the Internet. The was the largest data security breach in History.

    #1 1 year ago
  2. ChunkyLover112

    #1: +1

    The fine should indeed be much higher.

    #2 1 year ago
  3. spoffle

    Chunkylover, you come across as mentally deficient, and or mentally handicapped.

    #3 1 year ago
  4. DrDamn

    @1
    I’m not sure what a fine like this is meant to do though. It cost them a lot more in fixing, compensating and reputation. Seems pointless and who exactly does this money go to?

    It wasn’t the biggest data breach in history either, not in terms of accounts or cost.

    #4 1 year ago
  5. spoffle

    @DrDamn

    The fine is punitive, there solely to act as punishment.

    It gets paid to the HM Treasury, and the fines top out at a maximum of £500,000.

    #5 1 year ago
  6. MCTJim

    @4 you are indeed correct..I combined the two hacks when I should not have. They are the 4th largest if we count each event singly…sorry for the confusion

    #6 1 year ago
  7. Anonymousman

    A hack is preventable!?!?!? WHAT!?!?!? HAHAHAHA the ICO doesn’t know what they’re talking about. You can’t prevent a hack, you can make an attempt to prevent one. But you can’t fully prevent one. Hackers can hack into anything they set their heart too, whether there is security protection or not. Hackers WILL get past it. Might as well sue every company that has gotten hacked. Go to every company that has had a hack attack and tell them they should have known better. Heck, even a PC Security company was hacked! Are you going to say they should have known better or that they should have had the best security since they are a company based on making software to protect computers and servers!?!?!?! This is nonsense! The only, and surprisingly, the only business that it’s very hard to hack into are banks. They have some security program made exclusively for them. Although, it is still possible to hack into them. Everything that is connected to the internet CAN be hacked into. Even with the BEST security, such as the bank’s security. Suing a company over something that can’t be prevented is retarded unless there’s proof that the company hasn’t done anything to protect their computers and servers.

    #7 1 year ago
  8. DSB

    Anyone who holds on to 77 million accounts should be expected to have proper security measures in place.

    The fact that they won’t even try to fight it says it all, really.

    #8 1 year ago
  9. RandomTiger

    @7 Determined hackers can probably compromise any system but company’s still need to put in reasonable resources into trying to prevent this. I assume Sony was found lacking in this area.

    For me the big thing is not that they were hacked but that once security was passed there was little in the way of data protection. Seems to me you might as well assume you will be hacked and encrypt all data you hold.

    #9 1 year ago
  10. kingy

    they basically don’t want everyone to know how bad their security was that’s why they haven’t appealed it lol sony. I think they got off easy with £250k ,I bet this is why there charging for psn or multi player as they call it to pay for better security

    #10 1 year ago
  11. OrbitMonkey

    Yeah, Sony got hacked… MS just give your info to the NSA. Much more efficient.

    #11 1 year ago
  12. DSB

    The NSA isn’t looking to swipe your VISA “for teh lulz” though, they’re way too well funded for that :P

    #12 1 year ago
  13. OrbitMonkey

    ^ lol, how do you think they fund their black bag ops?

    It isn’t Nigerians running those phising scams!

    #13 1 year ago
  14. silkvg247

    Anything is hackable. Anything. It’s just code, and it’s “just” encryption. You can write code to counter any of this, though in some cases to an average person like me it seems way way too complicated to even try.

    Regardless the fine makes no sense, and certainly the statement about prevention. What about when their new preventative layer gets hacked? Another fine? It’ll never end.

    I think the real issue is when people think that any digital information is secure in the first place! That’s a damn stupid assumption if I’m blunt. Once it’s connected to the internet, it isn’t 100% secure. Hell even if it’s offline, there’s still a way. There’s always a way. To argue otherwise would be to say that all diseases are 100% incurable.. good job scientists don’t think like that really.

    #14 1 year ago
  15. OrbitMonkey

    ^ why is it I imagine you dressed as jeff goldblum in jurassic park, when I read that?

    #15 1 year ago
  16. Rockin a Jack D

    Sony should’ve been fined £100m for their incompetence to keep personal details secure. Same should be applied to Ubisoft/EA for their fuckups.

    Such a small fine isn’t going to teach them anything.

    Luckily i’ve never had a PSN account.

    #16 1 year ago
  17. DSB

    @14 Except the fine isn’t for being hacked.

    It’s for not having proper security, ie making it easier for them than it should be by not updating their software.

    If it had been a “new” preventative layer, there would be no fine.

    #17 1 year ago
  18. lexph3re

    I find that statement difficult to agree with DSB. Mainly because it took hackers 5 years to break Sonys security, it wasn’t like with the xbox and wii where they were jail broken and hacked into the first year.

    Sonys security was probably some of the best this gen regardless what anyone says. Them not having it is just really hard to believe. Well unless your like chunky and believe anything negative about a company you despise

    #18 1 year ago
  19. DSB

    @18 Comparing hardware security to network security is more than a bit silly.

    The fact is that it took hackers 24 hours to get that data, with no response from the network owners. When someone tried the same thing with Minecraft, Notch (or Mojang) responded within minutes.

    The ICO clearly states that their software was outdated, and if Sony had any way to refute that, I don’t see why they’d take the fine and the bad PR.

    The implications should be quite clear for anyone who’s open to the suggestion that maybe Sony isn’t perfect. Either way I’ll go with the ICO and the facts as they appear over apologists any day.

    #19 1 year ago
  20. super3001

    sony software engineers are such a joke. this idiot tax should be 10x

    #20 1 year ago
  21. lexph3re

    @19 Which is why i said jailbroken and hacked. Since hacking relates to networking and jailbreaking relates to hardware. And im also not saying their Network security wasn’t out of date the point of attack but considering for 5 years prior their network was secured i dont see how that instantly makes them incompetent. Hell the time the hack went down Sony had fired some network security specialist. Remember that info?

    So you attempting to spin me as an “apologist” is silly. Also did you change your op?

    It doesn’t take someone to “think” a companies perfect to refute your original post. Just someone who believes the outlash for Sony to pay more then what they already have is reaching towards unjust hate.

    #21 1 year ago
  22. DSB

    @21 Sony are paying for negligence in protecting the personal information of 77 million people. I doubt that’s even a pound per British account that was exposed. That’s pretty cheap in my opinion.

    The fact that they weren’t hacked for years doesn’t prove anything.

    I don’t know where you’re going with the security specialists. Sony trimming down their security staff two weeks before failing to respond adequately to an attack doesn’t make them look great.

    #22 1 year ago
  23. lexph3re

    Granted the FACT that there hasn’t been any proven exposure of 77 million users to this date. I think asking for them to pay a fine for something that doesn’t even have merit behind it is obsurd. Yes it is a good thing that they are paying for the hack as it was but asking them to pay more then that is just obsurd.

    And, Where I was going with that is the FACT that up until that point they clearly were doing a good job. It’s equivalent to how you measure a boxing match that goes into a unanimous decision. You count the blows taken the effect and then come to a choice on who preformed better.

    Up until that point Sony did a good job. Just because the hack happened doesn’t mean forget everything leading up to it. So, when weighing the entire scenario that a week before hand they let their Networking engineers go and afterwards there was a malicious attack means from that point to the next is where the judgement stands for them.

    With all the payouts they did in restructring, moving, payouts and insurance for each user with compensation not only if proven hacked but also given free games. They haven’t come out cheap at all. And, at that point I believe the lesson is learned on their behalf and others in that market.

    #23 1 year ago
  24. DSB

    @23 It’s purely your own assumption that the fact that there has been no catastrophe in the last 5 years somehow proves that the network was up to date before. It doesn’t reveal any facts about the network, and it could just as well have been vulnerable at any point in the past.

    The levees in New Orleans took the brunt of several hurricanes and survived, but that hardly means they were well maintained, or capable of protecting the city. By your logic that would be true. It’s not.

    Sony only offered people games that they published themselves. As such the game itself carries an initial expense of zero dollars and zero cents to Sony, and they’ll only be fronting the bill for the bandwidth, which isn’t much for a company that already has an infrastructure of that size.

    It’s a smart way to limit the chances you’ll be sued, without paying much to actually do it.

    EA pulled the same stunt when Simcity 5 fell flat on its face. Offering free games at next to zero cost is vastly preferable to actually giving people something of value, like actually refunding the game, which would’ve cost them money.

    *edit*

    In terms of the damage done, I’ll quote Kaz Hirai:

    “Information appears to have been stolen from all Playstation Network accounts, although not every piece of information in those accounts appears to have been stolen. The criminal intruders stole personal information from all of the approximately 77 million Playstation Network and Qriocity service accounts”

    #24 1 year ago