Sony Europe fined £250,000 for 2011 PlayStation Network hacking

UK regulatory body says Sony "let everybody down" regarding the hack, but the platform holder intends to appeal the ruling.

Sony Computer Entertainment Europe has been fined £250,000 by the UK Information Commissioner's Office (ICO) for its part in the global 2011 PlayStation Network breach which forced the service offline for 24 days and compromised the personal information of millions of users. The PlayStation owner says it intends to fight the ruling.

The ICO, an independent UK regulatory office which looks to uphold information rights, said Sony had put the personal information of its customers at "unnecessary risk" and had "let everybody down" for failing to ensure such information could not be accessed during the much-publicised hack in April 2011.

"We make no apologies for the penalty in this case," said David Smith, ICO deputy information commissioner and director of data protection, in a public statement. "It's a big penalty, it's quarter of a million pounds, but this is probably the most serious breach that we've had reported to us."

The ICO investigation concluded the hack "could have been prevented if the software had been up-to-date."

"Security is first and foremost the responsibility of the business and Sony let everybody down here," added Smith.

In a statement issued to GameSpot, Sony said it plans to fight the ruling. "Sony Computer Entertainment Europe strongly disagrees with the ICO’s ruling and is planning an appeal."

"SCEE notes, however, that the ICO recognises Sony was the victim of 'a focused and determined criminal attack,' that 'there is no evidence that encrypted payment card details were accessed,' and that 'personal data is unlikely to have been used for fraudulent purposes' following the attack on the PlayStation Network."

"Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient. The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack."

During 2011's PlayStation Network outage there was much speculation about whether hackers had managed to obtain users' credit card information. After eight days of downtime, however, Sony said it was unlikely such details were obtained. "The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack," said Sony at the time.

Sony CEO Kaz Hirai was one of several high-ranking executives who personally apologised for the hack, and the company eventually offered its users a selection of free games as compensation for the downtime.

Got a news tip or want to contact us directly? Email news@gamespot.com

Did you enjoy this article?

Sign In to Upvote

martingaston

Martin Gaston

Hi! I'm Martin, for some reason or another I have managed to convince the people who run GameSpot that I am actually wor
165 comments
soulless4now
soulless4now

Good luck fighting that. They'll need it. 

AncientDozer
AncientDozer

Oh boo hoo. Pay the 250,000. That's like what you have in your piggy bank, Sony.

DarkSaber2k
DarkSaber2k

"This fine is unfair! Yes we built a badly-designed easily hacked network that a high school kid could have designed to be more secure, that made it easy for someone to hack in and steal all your personal information, but you can't prove they did anything illegal with it so we should be in the clear!"

Way to miss the fucking point AGAIN Sony. Christ that arrogance is gonna the sink the company in the next 5 years.

LtCmdrShepard
LtCmdrShepard

I agree. Sony are to blame for it. and i think the fine should have been much higher. They got off easy. its the one reason i stopped playing PS3 and have an Xbox, because i do not want my identity stolen

91210user
91210user

We just don't like the Japanese take our sources of witches, faires and elves which allows them to make stories for their RPG games. I wish it was SquareEnix! That's why Nintendo doesn't want the Wii to be online 24/7. It's because of this!

TrueProphecy22
TrueProphecy22

Everything is hackable.  Fining a company that has already gone to great lengths and great expenses to increase their security is not going to help anyone.

Ripper_TV
Ripper_TV

This a joke? I'd fine them for at least 10 billion. Make him go bankrupt for this!

6orange6
6orange6

well, as long as we are reading headlines that say console maker gets large fine, and not hackers traced and given large fine, this will continue. Just to add to others comments, never ever put a debit card details into a console. They may look and act like credit cards but they are hardwired into your bank account and do not offer the same safeguards. Always use prepaid cards or face the concequences.

GH05T-666
GH05T-666

where is our cash for not being able to use our playstation 3 for 2 months?

SanjuroGT
SanjuroGT

Does this explain why so many people are getting account ban messages from SCEE because my friend who is from New York got a ban notice from SCEE just because he logged into some friends hacked ps3. I feel sorry for my friend but I just find it odd that he received a ban message from SCEE instead of SCEA

thequickshooter
thequickshooter

plus sony supports pay-pal now 

so everything should be fine putting up your pay-pal on your account

thequickshooter
thequickshooter

i never.ever. gonna put a credit card on a console 

even on XBL i don't want the company to know the digits 

there is a lot of pre-paid ways to buy like maximuscards, or buying a pre-paid card in a store 

it's more expansive sure,but it's 10000times safer 

FollowY0urBliss
FollowY0urBliss

This is ONE of the reasons I don't mind paying $50 a year for XBL..

And keep in mind, I'm not trying to attack the ps3 or psn in this comment.

TTDog
TTDog

Sony got away with a limp slap on the wrist and have said they'll appeal... maybe they'll get a proper fine at the appeal hearing.

warhawk-geeby
warhawk-geeby

I can't say I particularly approve of the fine.. because to be fair to Sony in the aftermath they seriously tried hard to please their customers.  They new they were in the wrong and offered everyone free games as a sorry.

What annoys me more however is the fact the UK Information Commissioner's Office will be receiving £250k, not the people that were actually affected. Why should ICO reap the benefits here? I wouldn't want to see Sony lose anything personally but if money has to go somewhere it should go to the customers, not a branch of the government.

Absolute joke.

DeFiLeDTitan
DeFiLeDTitan

Your computer was hacked? Well, that wasn't very responsible of you, now was it? We'll have to take your money now, sorry. 

mix_yan
mix_yan

hackers will try to hack no matter what the security is. so its dumb to fine sony

tightwad34
tightwad34

I was wondering who had the authority to fine them other than the government. I guess the ICO works for them, go figure. Why now? Year and a half later. Oh and I am also wondering if anyone heard or themselves had anything bad happen as a result of the hack.

sam628
sam628

ps3 sales should cover the fine haha

sam628
sam628

xbox live is more secure than sony network 

sam628
sam628

sony got a lite fine 

ArabrockermanX
ArabrockermanX

Yep and for all the Sony fanboys defending Sony and claiming the software was up to date here it is Sony being fined for out of date software. Fanboys need to learn not to stick their nose up corporate ***es.

AfrosRockMan
AfrosRockMan

I'm disappointed that the fees are so low. Yes, nothing is hack proof. But Sony knew the risks. They were negligent in protecting our data using outdated software with vulnerabilities they knew about, plus they failed to tell us that our data was at risk after the breach that they made the despicable choice of covering up at first, so now they're paying the price. 

 If you went and hired someone to paint your home while you're away, they ended up breaking a window due to negligence, but then failed to tell you about it for as long as Sony did with our data, during which all kinds of bad things could happen, would you not hold them responsible?

hemoleech
hemoleech

They should have had better security, but it's impossible to have everything completely hack proof. Anon has even managed to hack the Pentagon.

mlcarter815
mlcarter815

Nothing more than a P.R. move by the UK regulatory board. That fine is nothing more than a slap on the wrist. 

Albelnox0
Albelnox0

Gotta love all the bashing on sony here.  Especially the people who are saying "well you shouldn't use your credit card." And yet Steam, Blizzard, Origin, and Nintendo get a pass after they got hacked too.

DarkSaber2k
DarkSaber2k

@AncientDozer Not these days. All that piggy bank cash is tied up in the business of not letting their badly run company go belly up!

nathangray
nathangray

@TrueProphecy22 Actually, it will. It sets an example rather than just letting people off because they apologized. It doesn't work that way for people, it certainly shouldn't work that way for companies considering how much more responsibility they should have. If you do something stupid, you get fined and/or go to jail, you don't get to skip it because you're sorry. End of story. The only sad thing is £250k is pennies to Sony, should have hit them for 10 times that.

WolfGrey
WolfGrey

@FollowY0urBliss  Just remember when a hacker wants to hack something, they hack something.

And fyi i know tons of people who have xbox live who have had their credit/debit info hacked off of xbox live.

Microsoft's answer?(and i am not joking) "It was your fault for giving us the information online"

WolfGrey
WolfGrey

@TTDog  A proper fine for what? This is a office just trying to get some money off of Sony at this point. Otherwise it would of been done much closer to the time it happened.

And also Sony handled it well.And most of the information stolen, you could find in a dam phonebook or by searching someone's full name on google.

WolfGrey
WolfGrey

@sam628  Not really, just microsoft could care less about the rampact hacking and only bans the worst cases , most goes unpunished.

jhcho2
jhcho2

@ArabrockermanX  

And people like you choose to think what you just said is the main reason for the successful hacking. The truth is, anything can be hacked. You really think Xbox Live couldn't be hacked? MS was just lucky that they didn't piss off any hackers the way Sony did, by removing the 3rd party OS feature.

WolfGrey
WolfGrey

@AfrosRockMan  

No offense mate but the "info" that their software was outdated came from a guy on a forum that a techie put on his article as proof.

And Sony shutdown at the first true occurance and got to work trying to solve it.

Sure i am PC gamer first but i prefer information that is actually supported, don't you?

rasterror
rasterror

@hemoleech They fired their internet security shortly before the hack.  Maybe they thought Norton 360 was good enough.

ArabrockermanX
ArabrockermanX

@Albelnox0 But personal information was never at risk with all of those hacks... Also Nintendo's home page(useless information) got hacked not the gaming network where transactions take place... 


Sony here got hacked because they used crap software and fired staff... 

rasterror
rasterror

@Albelnox0 I lost $400 due to Sony not using any encryption on their SOE servers. Sony just didn't care about protecting their customers. 

Innocent_baby
Innocent_baby

@DarkSaber2k @AncientDozer Unfortunately, too true. I really hope they get there act together soon. Not only for console gaming but for all the people that rely on it for work. At least kill that uber money pit of a TV department Sony!

TTDog
TTDog

@WolfGrey Handled it well!!! Which part did you like the best? Where they denied it even happened for days or where they took even longer to actually let the users of those accounts what had happened?

This is a fine of less than half a penny per account... stupidly low considering they've been found to ba lax in their security... they got away with a light slap on the wrist at worst.

jtthegame316
jtthegame316

@WolfGrey @sam628 I would say it is is pretty much proven xbox live is more secure than psn seeing as the only hacking to happen on xbox live is dumb people giving others there password

ArabrockermanX
ArabrockermanX

@jhcho2 @ArabrockermanX You can slip on a store floor break your neck and die, that doesn't mean your family can sue the store for that if the store owner was taking reasonable measures to keep the damn floors clean. Sony wasn't taking reasonable measures that's why they are being fined.  

WolfGrey
WolfGrey

@jhcho2 @ArabrockermanX  

To be fair Microsoft and the 360 are hacked all the dam time.They just don't go public with it. In fact they often blame you instead and ban your account.Had a friend who had to wait two months for his account to be recovered.

And as for Sony, as said, if someone wants to hack, they are going to do it.

Albelnox0
Albelnox0

@ArabrockermanX @Albelnox0 So with steam, riot games, nintendo, battle.net getting hacked anyways, according to you THEY have good firewalls and "software.?" better then sony.  You're telling me even though these companies got hacked and stole information from these companies that Sony lacks security.  That makes no sense they got hacked it doesn't matter how much security you have, if someones going to hack they are going to hack you can't stop em. Any anti hack software and firewall is nothing to a hacker if they want to hack you they are going to hack you and dedicate their time to hacking you. That's pretty dumb to say and hypocritical..  And Actually peoples credit info was stolen through the steam hack, origin, League,and blizzard too.  Look it up.   Steam, blizzard, riot, and Ea never gave anything back.  Yet Sony did and for some reason they get the shot all the time for it.  Doesn't matter the point is your information is not safe anywhere, if someone wants to hack there are going to hack. You're not going to stop them no matter how good protection .  How about instead of blaming companies, you get recognition out there for hackers to get caught and arrested for stealing personal information instead of giving them a free pass.  You wan the real culprit, it's the hackers, or else they're gonna keep doing it.

WoodenStick
WoodenStick

@TTDog it's obvious that Sony has made efforts to build a even better security system for their customers, bc of the attack, but you're right in that Sony should have made it clear of what had happened.

Now if xbox360 could be hacked as stated previously and just waiting for it to happen, what do you think would happen? First thing one company doesn't want is panic.

What does panic cause on the internet? Massive net-traffic when the authorities are trying to track evidence of the hackers.

Increased net-traffic could jam network and thus prevent you from reaching the evidence.

ArabrockermanX
ArabrockermanX

@WolfGrey @jhcho2 @ArabrockermanX That doesn't change the fact that Sony had sub-par security. "Hackers gunna hack," is no excuse for being hacked, Sony has a responsibility to the consumer to take reasonable measures to protect their network and they didn't.