Almost one year on from it's security breach, Sony has some action taken against the preach.
Sony Computer Entertainment Limited of Europe was penalized today through a fine of $396,100 for a "serious breach" of the
Data Protection Act. The ICO, Information Commissioner's Office, said that this breach could have been prevented if Sony's security software had been up-to date. The ICO noted in a statement, "The penalty comes after the Sony PlayStation Network Platform was hacked in April 2011, compromising the personal information of millions of customers, including their names, addresses, email addresses, dates of birth and account passwords. Customers’ payment card details were also at risk." Although no such fraudulent activities were reported in relation to the breach, the ICO based the penalty purely off of the risk involved.
Deputy Commissioner and Director of Data Protection, David Smith, said "“If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough. There’s no disguising that this is a business that should have known better. It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe." With over 77 million accounts being put at risk, I understand the logic behind this huge fine.
After this seemingly forever outage, Sony definitely beefed up their security. It takes some time for all of these court cases to fully play out, so that could be a reason as to why the fine was slapped so late.
Do you guys think this fine was fair and justified? Be sure to leave your opinions down below.
TL;DR: Sony fined almost 400K for security breach last year.