Sony fined $395,000 for 2011 hack of its PlayStation Network | Ars Technica
A UK government body has fined Sony £250,000 (about $394,570) for the devastating 2011 hack of its PlayStation Network, which resulted in one of the largest online breaches ever.
The Information Commissioner's Office announced the fine on Thursday, a little less than two years after Sony officials first disclosed the criminal intrusion into the online game platform. The breach exposed names, addresses, e-mail addresses, dates of birth, and cryptographically hashed passwords associated with some 77 million accounts. It also put credit card data at risk. The hack resulted in Sony shutting down the network for more than three weeks as engineers contained the damage and rebuilt the network.
"There’s no disguising that this is a business that should have known better," David Smith, deputy commissioner and director of data protection, said in the statement. "It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe."
A separate breach of Sony's online computer games service in May 2011 exposed data for another 25 million accounts.
The PlayStation Network attack "could have been prevented if the software had been up-to-date, while technical developments also meant passwords were not secure," the ICO statement said without elaborating. The ICO also issued a report detailing some of its findings. Although key passages were blacked out to redact sensitive information, one part that remained intact said a "data controller failed to take the action required [redacted] to address the vulnerability even though appropriate updates were available."
According to an article published by IDG News, a representative for Sony Computer entertainment said the fine was undeserved.
"SCE disagrees with the ruling and is planning an appeal," the news service quoted spokesman Satoshi Fukuoka as saying.
The agency gave Sony until February 13 to pay a reduced fine at a discount of 20 percent. It also gave Sony the option of appealing the ruling. The ICO has the authority to levy fines as high as £500,000.
too bad sony loses more than 395k a day so this isn't as bad as the freefall they are doing right now.