updated 06:24 am EST, Thu January 24, 2013
Gaming network intrusion 'could have been prevented'
Sony has been fined £250,000 ($395,000) by the Information Commissioner's Office of the United Kingdom over the April 2011 hack of the PlayStation Network. The UK authority criticized Sony Computer Entertainment Europe, claiming the online gaming system's infiltration "could have been prevented" if security software used by SCEE had been kept up-to-date, with increased security on user passwords.
The ICO report on the intrusion said that personal data, such as names, addresses, and payment details, were unprotected and at risk, according to the BBC. Deputy commissioner and director of data protection at the ICO said "If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," and that "the security measures in place were simply not good enough."
Sony "strongly disagreed" with the ruling, and plans to appeal against the fine. "Sony continually works to strengthen our systems, building in multiple layers of defense and working to make our networks safe, secure, and resilient," said a company spokesman.
Shortly after the original attack, Sony had rectified its security arrangements, compensated users with a month of free PlayStation Plus and extended subscriptions, and users in the US also received free identity theft insurance. Kaz Hirai, now CEO and then Vice President of Sony, publicly apologized for the intrusion at the time, which saw details of 77 million PSN members at risk.