Sony Fined $395K For 2011 PlayStation Network Hack, Plans Appeal

Sony Computer Entertainment has been fined a record £250,000 by the data protection watchdog after the personal details of millions of gamers – including passwords and credit card numbers – were leaked online.

The Information Commissioner’s Office on Thursday said the security breach was “one of the most serious” it has handled under the Data Protection Act. The £250,000 fine is the maximum penalty awarded by the ICO against a private company.

The privacy blunder happened in April 2011, when computer hackers targeted the Sony PlayStation Network. It compromised the personal information of millions of customers, including names, addresses, e-mail addresses, dates of birth and account passwords. Customers’ payment card details were also at risk, the ICO said.

“An ICO investigation found that the attack could have been prevented if the software had been up to date, while technical developments also meant passwords were not secure,” it added.

Sony, however, has released a statement saying that it plans to appeal the fine.

“Sony Computer Entertainment Europe strongly disagrees with the ICO’s ruling and is planning an appeal,” it said. “SCEE notes, however, that the ICO recognises Sony was the victim of “a focused and determined criminal attack,” that “there is no evidence that encrypted payment card details were accessed,” and that “personal data is unlikely to have been used for fraudulent purposes” following the attack on the PlayStation Network.”

Sony executives, including President and CEO of Sony Corporation Kazuo Hirai, made a public apology for the PSN hack in May 2011