ICO Fines Sony For PSN Breach: They "Should've Known Better"

Sony officially apologized to consumers for not better protecting the PlayStation Network. But that's not good enough for the Information Commissioner's Office.

According to a GamesIndustry.biz report, Sony has been fined £250,000 by the Information Commissioner's Office for not being able to prevent the security breath of the PSN back in April 2011.

The UK organization ruled that the company "hadn't met its duties in ensuring that software was up to date and had left vital passwords and systems in a vulnerable state." Many experts have made similar accusations. Said ICO director of data protection David Smith:

"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn't happen, and when the database was targeted - albeit in a determined criminal attack - the security measures in place were simply not good enough. There's no disguising that this is a business that should have known better."

Since the hack, Sony has beefed up security for the PSN, but consumers don't forget that easily. Of course, personal information on the Internet in any form is always at risk, but it's probably true that Sony simply didn't do enough in terms of prevention. Here's hoping things keep moving in a positive direction heading into the new generation.

Tags: playstation network, psn, psn outage, playstation network hack

1/24/2013 11:20:07 PM John Shepard

Put this on your webpage or blog:
Email this to a friend
Follow PSX Extreme on Twitter

Comments (27 posts)

Toggle Scrolling | Reload Comments

WorldEndsWithMe
Thursday, January 24, 2013 @ 11:33:12 PM
Reply

Oh I get it, I was gonna say, how can Team ICO fine Sony?

10 up, 1 down

Akuma07
Thursday, January 24, 2013 @ 11:43:56 PM

Hahaha, thought the same thing.

6 up, 1 down

Ben Dutka PSXE [Administrator]
Thursday, January 24, 2013 @ 11:44:11 PM

Bah. Sony should fine Team ICO.

10 up, 1 down

WorldEndsWithMe
Thursday, January 24, 2013 @ 11:48:02 PM

lol

2 up, 1 down

Cesar_ser_4
Friday, January 25, 2013 @ 12:17:16 AM

on what grounds mr. Dutka?

0 up, 0 down

Ben Dutka PSXE [Administrator]
Friday, January 25, 2013 @ 12:22:53 AM

For not pushing them to give us The Last Guardian, obviously.

4 up, 0 down

Cesar_ser_4
Friday, January 25, 2013 @ 12:26:19 AM

It just came to me. Imagine if ICO threatened to sue Naughty Dog over the title "The Last of Us", just like Take Two is doing to that director. That would be a good April Fools headline.

1 up, 1 down

Kiryu
Friday, January 25, 2013 @ 7:24:27 AM

I thought the same thing haha

0 up, 0 down

bigrailer19
Friday, January 25, 2013 @ 12:10:31 AM
Reply

I guess the same could be said for all the other companies that get attacked as well.

I get it, its personal information, and it should be kept as safe as possible. But the key wordd there is as possible. Determination will always win in the cyber world.

1 up, 0 down

sawao_yamanaka
Friday, January 25, 2013 @ 12:37:17 AM

But no fraudulent activity happened from it :\. I think some people are just bitter. How many times do people get their money stolen from live and yet Microsoft doesn't get fined. That's kind of idiotic but oh well.

3 up, 0 down

SaiyanSempai
Friday, January 25, 2013 @ 2:05:47 AM

Yeah, there is no such thing as 100% secure on the internet. This is a ridiculous case.

2 up, 0 down

EddPm6
Friday, January 25, 2013 @ 12:31:01 AM
Reply

I don't see how they could have been "better prepared"
It was a sophisticated deliberate attack on PSN that didnt get to anything REALLY important.
This would be like if [YOUR BANK NAME HERE] had a robbery attempt one day and the police decided it was the banks fault for having doors on the building.

5 up, 2 down

Highlander
Friday, January 25, 2013 @ 2:29:01 AM

Several high profile financial institutions, one network security firm, one password security firm, Lockheed Martin and the folks behind RSA security tags were all hacked since Sony's PSN was attacked. Yet the media still likes to chug along banging Sony over the head for poor security.

5 up, 3 down

___________
Friday, January 25, 2013 @ 6:01:21 AM

right, they couldent of been better prepared.
what about all the recent security procedures they put in place since the attack?
we couldent of been more prepared, but we have done x,y and z to be better prepared for, if, this happens again.

either A their full of sh*t and just did not want to spend the money for the sake of what ifs, or B there full of sh*t and havent put any extra security procedures in place since the attacks!

Last edited by ___________ on 1/25/2013 6:03:43 AM

2 up, 3 down

Highlander
Friday, January 25, 2013 @ 1:20:37 PM

Mr Underline...

I have worked in network security, and like any security, you prepare what you can. If there is an attack that succeeds, you learn from it, and take the precautions to plug whatever gaps the attack exposes. That is the nature of the beast. no matter how well prepared you are, or think you are, a determined attacker may still find a way in. When that happens, you learn from it and move on. Castigating Sony over this is simply exercising your existing hatred for Sony and has nothing to do with the reality of the situation.

2 up, 0 down

kraygen
Friday, January 25, 2013 @ 12:40:33 AM
Reply

We'll never know is Sony was well prepared, if they were lacking, or if the hacking assault just happened to be good enough to break through their security.

In the end, hackers can find a way with enough effort and no one is invulnerable.

3 up, 1 down

WorldEndsWithMe
Friday, January 25, 2013 @ 1:05:49 AM
Reply

From what I read back then it did seem that some common sense measures weren't there, they were weak. Even though the info was hashed, it shouldn't have been able to be gotten in the first place. So maybe this fine will just kick em in the ass to keep the bars on the windows thick in the future.

2 up, 5 down

Highlander
Friday, January 25, 2013 @ 2:18:44 AM

Most of those articles were ultimately full of crap, speculation and downright wrong.

5 up, 3 down

WorldEndsWithMe
Friday, January 25, 2013 @ 2:37:47 PM

I only read about it here, but you are the networking guy so I'll defer to your analysis.

1 up, 0 down

Highlander
Friday, January 25, 2013 @ 2:18:16 AM
Reply

Let's see. Contrary to the sensationalist reports at the time, Sony's systems were not as out of date or unpatched as claimed. A lot of the information that passed as fact in the first month or so was repeated so often that most people regard it as fact, but it's almost entirely incorrect. Most PSN systems were relatively up to date, though like most corporations, their patch schedule is somewhat behind the release of the patches (where I work we are at least a month behind even on our most up to date systems because all patches have to be tested in Dev or Test environments before being pushed to production). The PSN passwords were hashed and salted - despite it beiong reported that they were not, the Credit card information was encrypted as per the standards for electronic commerce - despite it being reported that they were not, there were perimeter defenses and standard system security in place - despite several sources claiming that there was no security. No passwords were stored in plain text, though apparently email addresses and PSN names were - shockingly enough. 77 million accounts were involved, yet no credible cases of card fraud have been reported and no information has - as far as I am aware - been transacted from the attack.

Funny how this still garners headlines despite several high profile banks being hacked in the meantime - and losing transaction/card information in the process.

Saying that Sony should've known is rather like saying that Japan should've known that there would be a 9.3 Magnitude earthquake and the largest Tsunami in modern history, and then fining them for being in the way of it.

Last edited by Highlander on 1/25/2013 2:27:13 AM

5 up, 3 down

Dirt
Friday, January 25, 2013 @ 4:02:50 AM

I could't have said it better myself. Especially that last part. You got me in a good humor, buddy.

2 up, 1 down

___________
Friday, January 25, 2013 @ 5:59:17 AM
Reply

gotta love $onys piss poor response to this!
basically its, oh well theres no evidence details were stolen so this is unfair.
thats not the point, the point is you stored customers details in a inapropriate manner, what does having proof that peoples info stolen have to do with it?
so as long as no one steals anything, its fine to leave the door open and invite them in?
ok fair enough, kaz lend me the keys to your house and i promise ill leave the door open but ill make sure nothings stolen.
yea, thats what i thought!
come on if your going to come up with a piss poor excuse, at least put half your a$$ into it!

2 up, 4 down

Hand_of_Sorrow
Friday, January 25, 2013 @ 7:04:42 AM
Reply

"if" the security "was" weak, there would have been more
hacks, imo.

i may never forget the psn hack, but i forgave sony!

1 up, 0 down

Underdog15
Friday, January 25, 2013 @ 8:25:17 AM
Reply

First of all, I can't handle all these blank lines...

Second, I thought CC numbers were all safe in NA and EU?

3 up, 2 down

Knightzane
Friday, January 25, 2013 @ 9:34:28 AM
Reply

Yeah, the FBI get hacked (rarely) and Sony is the one to get fined. Such BS.

2 up, 1 down

Meatloaf
Friday, January 25, 2013 @ 11:18:35 AM
Reply

I'm sick of hearing about this! Yeah Sony had their pants down, however Microsoft keeps their pants down all the time and nobody says a damn thing! Sony also shut the psn down so they wouldn't loss more money and gave free identity theft protection for the Playstation Users! Sony also gave away free games and gave the Playstation Home a face lift Extreme Makeover style! If that isn't good enough, ICO can go to hell! This is obviously a shake down because ICO is getting paid off from Microsoft to make Sony look bad because they are scared!
Microsoft puts small Businesses out if they feel threatened by doing things like this! Microsoft has and always be a fraud and a shadow of Apple and never be able to live up to their name! If Bill Gates don't have faith in Microsoft anymore, that should say something!

3 up, 0 down

Meatloaf
Friday, January 25, 2013 @ 11:28:37 AM
Reply

Cesar_ser_4, look at it this way! If the ICO fined every company only on the grounds of being hacked that about every company out there will be fined! It is not the point Sony got hacked, at least Sony never lied and spend millions of dollars making up for it, ingrate!

3 up, 0 down

Please login or register to leave a comment.

Grand Theft Auto: Liberty City Stories cheats	PSP
Grand Theft Auto: San Andreas cheats	PS2
Max Payne cheats	PS2
Saints Row: The Third cheats	PS3
FIFA Soccer 12 cheats	PS3
Virtua Fighter 5 cheats	PS3
Countdown Vampires cheats	PS1
The Incredible Hulk cheats	PS3
Wild Arms 4 cheats	PS2
WCW Mayhem cheats	PS1

Grid 2 review	PS3
The Last Of Us review	PS3
Remember Me review	PS3
Call of Juarez: Gunslinger review	PS3
Fuse review	PS3
Resident Evil: Revelations review	PS3
Metro: Last Light review	PS3
Zombie Tycoon II: Brainhov's Revenge review	PS3
Far Cry 3: Blood Dragon review	PS3
Star Trek: The Video Game review	PS3

South Park: The Stick of Truth preview	PS3
Murdered: Soul Suspect preview	PS3
The Bureau: XCOM Declassified preview	PS3
Time and Eternity preview	PS3
Ride to Hell: Retribution preview	PS3
Call of Juarez: Gunslinger preview	PS3
Far Cry 3: Blood Dragon preview	PS3
Spartacus Legends preview	PS3
Payday 2 preview	PS3
DUST 514 preview	PS3

Playstation 3

Playstation 4

PSP

Playstation Vita

Playstation 2

Playstation

Other

PSX Extreme

Site Stats

ICO Fines Sony For PSN Breach: They "Should've Known Better"

Comments (27 posts)

Leave a Comment

Latest Updates

Popular Cheats

Recent Reviews

Recent Previews

Popular Sections

Extras