Raking up the past

If you thought (or wished) that you’d heard the last of 2011’s infamous PlayStation Network outage, then think again. A UK government body responsible for investigating the hack has issued the platform holder with a £250,000 ($395k) fine, describing the attack as a “serious breach of the Data Protection Act”.

The Information Commissioner’s Office stated that the breach compromised the personal information of millions of consumers, including “their names, addresses, email addresses, dates of birth, and account passwords”. Payment information was also at risk, it added.

“If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority,” explained David Smith, deputy commissioner and director of data protection. “In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.”

Sony has since responded to the ruling, declaring its intent to appeal: “SCEE notes that the ICO recognises Sony was the victim of ‘a focused and determined criminal attack’, that ‘there is no evidence that encrypted payment card details were accessed’, and that ‘personal data is unlikely to have been used for fraudulent purposes’ following the attack on the PlayStation Network.

“Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient.”

The organisation added that the “reliability of our network services and the security of our consumers’ information are of the utmost importance to us”. The firm employed a leading security specialist shortly after the breach in mid-2011 to ensure that the scenario would never occur again.

Considering no one was ever actually affected by the attack, this ruling seems harsh to us. There were plenty of stories about fraudulent charges during the outage, but none of that was ever traced back to the PlayStation Network, regardless of what mainstream outlets reported at the time. Why dig this back up now?

[source ico.gov.uk, via mcvuk.com, vg247.com, vg247.com, eurogamer.net]