Friday, 12 July 2013

Sony gives up £250,000 fine appeal after PlayStation hacks

Sony logo
Sony has given up its appeal over a fine of £250,000 from the Information Commissioner’s Office (ICO) having originally vowed to fight the case. The firm claimed it has done so in order to avoid revealing information on its security procedures rather than because it now agrees with the fine.

The ICO handed the fine to the firm at the start of the year after a hack in 2011 on its PlayStation Network left millions of customers' details exposed, including their addresses, email addresses, dates of birth and account passwords. The ICO said customers' payment card details were also at risk.
The ICO's deputy commissioner David Smith said Sony, as a leading technology company, should have been better prepared. "It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe," he said when announcing the fine.
However, Sony said at the time it would appeal as the breach that exposed the data was the result of a "focused and determined criminal attack".
But, writing on Twitter, the ICO said Sony had now dropped its case on the appeal.
Sony said that it was giving up the appeal because it was wary of revealing more information on its security procedures the process would have required, rather than because of any change of heart.
"After careful consideration we are withdrawing our appeal. This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding. We continue to disagree with the decision on the merits," a spokesperson said.
The ICO said it was pleased the firm had dropped the case: "We welcome Sony Computer Entertainment Europe Limited’s decision not to appeal our penalty notice following a serious breach of the Data Protection Act."
The news comes on the same day that the ICO handed out a substantial penalty to the NHS Surrey Trust of £200,000 for passing computers to a data destruction company that ended up selling the devices at auction still containing the sensitive records of 3,000 individuals.

No comments:

Post a Comment