Sony fined £250k over ‘serious’ Data Protection Act breach
Sony has been hit with a £250k fine after the Information Commissioners Office found the Japanese giant guilty of allowing a ‘serious breach’ of the Data Protection Act for failing to use up to date security software on its PlayStation Network.
Back in April 2011 this allowed hackers to break into its online store, exposing a raft of personal information such as names, addresses, dates of birth and credit card information to criminals.
According to BBC News ICO deputy commissioner David Smith said the breach was one of the most serious he’d ever come across. Smith said: “If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority.
"In this case that just didn't happen, and when the database was targeted - albeit in a determined criminal attack - the security measures in place were simply not good enough.
"There's no disguising that this is a business that should have known better," Mr Smith added.
"It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe."
Sony executives bowed in contrition in the wake of the scandal and have since rebuilt the service from the bottom up to be more secure.