PS3 News: ICO Fines Sony For PSN Breach: They "Should've Known Better" - PS3 News

Members Login: Register | Why sign up? | Forgot Password?

ICO Fines Sony For PSN Breach: They "Should've Known Better"

Sony officially apologized to consumers for not better protecting the PlayStation Network. But that's not good enough for the Information Commissioner's Office.

According to a GamesIndustry.biz report, Sony has been fined £250,000 by the Information Commissioner's Office for not being able to prevent the security breath of the PSN back in April 2011.

The UK organization ruled that the company "hadn't met its duties in ensuring that software was up to date and had left vital passwords and systems in a vulnerable state." Many experts have made similar accusations. Said ICO director of data protection David Smith:

"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn't happen, and when the database was targeted - albeit in a determined criminal attack - the security measures in place were simply not good enough. There's no disguising that this is a business that should have known better."

Since the hack, Sony has beefed up security for the PSN, but consumers don't forget that easily. Of course, personal information on the Internet in any form is always at risk, but it's probably true that Sony simply didn't do enough in terms of prevention. Here's hoping things keep moving in a positive direction heading into the new generation.

Tags: playstation network, psn, psn outage, playstation network hack

1/24/2013 11:20:07 PM John Shepard

Put this on your webpage or blog:
Email this to a friend
Follow PSX Extreme on Twitter

Share on Twitter Share on Facebook Share on Google Share on MySpace Share on Delicious Share on Digg Share on Google Buzz Share via E-Mail Share via Tumblr Share via Posterous

Comments (27 posts)

WorldEndsWithMe
Thursday, January 24, 2013 @ 11:33:12 PM
Reply

Oh I get it, I was gonna say, how can Team ICO fine Sony?

Agree with this comment 10 up, 1 down Disagree with this comment

Akuma07
Thursday, January 24, 2013 @ 11:43:56 PM

Hahaha, thought the same thing.

Agree with this comment 6 up, 1 down Disagree with this comment

Ben Dutka PSXE [Administrator]
Thursday, January 24, 2013 @ 11:44:11 PM

Bah. Sony should fine Team ICO.

Agree with this comment 10 up, 1 down Disagree with this comment

WorldEndsWithMe
Thursday, January 24, 2013 @ 11:48:02 PM

lol

Agree with this comment 2 up, 1 down Disagree with this comment

Cesar_ser_4
Friday, January 25, 2013 @ 12:17:16 AM

on what grounds mr. Dutka?

Agree with this comment 0 up, 0 down Disagree with this comment

Ben Dutka PSXE [Administrator]
Friday, January 25, 2013 @ 12:22:53 AM

For not pushing them to give us The Last Guardian, obviously.

Agree with this comment 4 up, 0 down Disagree with this comment

Cesar_ser_4
Friday, January 25, 2013 @ 12:26:19 AM

It just came to me. Imagine if ICO threatened to sue Naughty Dog over the title "The Last of Us", just like Take Two is doing to that director. That would be a good April Fools headline.

Agree with this comment 1 up, 1 down Disagree with this comment

Kiryu
Friday, January 25, 2013 @ 7:24:27 AM

I thought the same thing haha

Agree with this comment 0 up, 0 down Disagree with this comment

bigrailer19
Friday, January 25, 2013 @ 12:10:31 AM
Reply

I guess the same could be said for all the other companies that get attacked as well.

I get it, its personal information, and it should be kept as safe as possible. But the key wordd there is as possible. Determination will always win in the cyber world.

Agree with this comment 1 up, 0 down Disagree with this comment

sawao_yamanaka
Friday, January 25, 2013 @ 12:37:17 AM

But no fraudulent activity happened from it :\. I think some people are just bitter. How many times do people get their money stolen from live and yet Microsoft doesn't get fined. That's kind of idiotic but oh well.

Agree with this comment 3 up, 0 down Disagree with this comment

SaiyanSempai
Friday, January 25, 2013 @ 2:05:47 AM

Yeah, there is no such thing as 100% secure on the internet. This is a ridiculous case.

Agree with this comment 2 up, 0 down Disagree with this comment

EddPm6
Friday, January 25, 2013 @ 12:31:01 AM
Reply

I don't see how they could have been "better prepared"
It was a sophisticated deliberate attack on PSN that didnt get to anything REALLY important.
This would be like if [YOUR BANK NAME HERE] had a robbery attempt one day and the police decided it was the banks fault for having doors on the building.

Agree with this comment 5 up, 2 down Disagree with this comment

Highlander
Friday, January 25, 2013 @ 2:29:01 AM

Several high profile financial institutions, one network security firm, one password security firm, Lockheed Martin and the folks behind RSA security tags were all hacked since Sony's PSN was attacked. Yet the media still likes to chug along banging Sony over the head for poor security.

Agree with this comment 5 up, 3 down Disagree with this comment

___________
Friday, January 25, 2013 @ 6:01:21 AM

right, they couldent of been better prepared.
what about all the recent security procedures they put in place since the attack?
we couldent of been more prepared, but we have done x,y and z to be better prepared for, if, this happens again.

either A their full of sh*t and just did not want to spend the money for the sake of what ifs, or B there full of sh*t and havent put any extra security procedures in place since the attacks!


Last edited by ___________ on 1/25/2013 6:03:43 AM

Agree with this comment 2 up, 3 down Disagree with this comment

Highlander
Friday, January 25, 2013 @ 1:20:37 PM

Mr Underline...

I have worked in network security, and like any security, you prepare what you can. If there is an attack that succeeds, you learn from it, and take the precautions to plug whatever gaps the attack exposes. That is the nature of the beast. no matter how well prepared you are, or think you are, a determined attacker may still find a way in. When that happens, you learn from it and move on. Castigating Sony over this is simply exercising your existing hatred for Sony and has nothing to do with the reality of the situation.

Agree with this comment 2 up, 0 down Disagree with this comment

kraygen
Friday, January 25, 2013 @ 12:40:33 AM
Reply

We'll never know is Sony was well prepared, if they were lacking, or if the hacking assault just happened to be good enough to break through their security.

In the end, hackers can find a way with enough effort and no one is invulnerable.

Agree with this comment 3 up, 1 down Disagree with this comment

WorldEndsWithMe
Friday, January 25, 2013 @ 1:05:49 AM
Reply

From what I read back then it did seem that some common sense measures weren't there, they were weak. Even though the info was hashed, it shouldn't have been able to be gotten in the first place. So maybe this fine will just kick em in the ass to keep the bars on the windows thick in the future.

Agree with this comment 2 up, 5 down Disagree with this comment

Highlander
Friday, January 25, 2013 @ 2:18:44 AM

Most of those articles were ultimately full of crap, speculation and downright wrong.

Agree with this comment 5 up, 3 down Disagree with this comment

WorldEndsWithMe
Friday, January 25, 2013 @ 2:37:47 PM

I only read about it here, but you are the networking guy so I'll defer to your analysis.

Agree with this comment 1 up, 0 down Disagree with this comment

Highlander
Friday, January 25, 2013 @ 2:18:16 AM
Reply

Let's see. Contrary to the sensationalist reports at the time, Sony's systems were not as out of date or unpatched as claimed. A lot of the information that passed as fact in the first month or so was repeated so often that most people regard it as fact, but it's almost entirely incorrect. Most PSN systems were relatively up to date, though like most corporations, their patch schedule is somewhat behind the release of the patches (where I work we are at least a month behind even on our most up to date systems because all patches have to be tested in Dev or Test environments before being pushed to production). The PSN passwords were hashed and salted - despite it beiong reported that they were not, the Credit card information was encrypted as per the standards for electronic commerce - despite it being reported that they were not, there were perimeter defenses and standard system security in place - despite several sources claiming that there was no security. No passwords were stored in plain text, though apparently email addresses and PSN names were - shockingly enough. 77 million accounts were involved, yet no credible cases of card fraud have been reported and no information has - as far as I am aware - been transacted from the attack.

Funny how this still garners headlines despite several high profile banks being hacked in the meantime - and losing transaction/card information in the process.

Saying that Sony should've known is rather like saying that Japan should've known that there would be a 9.3 Magnitude earthquake and the largest Tsunami in modern history, and then fining them for being in the way of it.

Last edited by Highlander on 1/25/2013 2:27:13 AM

Agree with this comment 5 up, 3 down Disagree with this comment

Dirt
Friday, January 25, 2013 @ 4:02:50 AM

I could't have said it better myself. Especially that last part. You got me in a good humor, buddy.

Agree with this comment 2 up, 1 down Disagree with this comment

___________
Friday, January 25, 2013 @ 5:59:17 AM
Reply

gotta love $onys piss poor response to this!
basically its, oh well theres no evidence details were stolen so this is unfair.
thats not the point, the point is you stored customers details in a inapropriate manner, what does having proof that peoples info stolen have to do with it?
so as long as no one steals anything, its fine to leave the door open and invite them in?
ok fair enough, kaz lend me the keys to your house and i promise ill leave the door open but ill make sure nothings stolen.
yea, thats what i thought!
come on if your going to come up with a piss poor excuse, at least put half your a$$ into it!

Agree with this comment 2 up, 4 down Disagree with this comment

Hand_of_Sorrow
Friday, January 25, 2013 @ 7:04:42 AM
Reply

"if" the security "was" weak, there would have been more
hacks, imo.

i may never forget the psn hack, but i forgave sony!

Agree with this comment 1 up, 0 down Disagree with this comment

Underdog15
Friday, January 25, 2013 @ 8:25:17 AM
Reply

First of all, I can't handle all these blank lines...

Second, I thought CC numbers were all safe in NA and EU?

Agree with this comment 3 up, 2 down Disagree with this comment

Knightzane
Friday, January 25, 2013 @ 9:34:28 AM
Reply

Yeah, the FBI get hacked (rarely) and Sony is the one to get fined. Such BS.

Agree with this comment 2 up, 1 down Disagree with this comment

Meatloaf
Friday, January 25, 2013 @ 11:18:35 AM
Reply

I'm sick of hearing about this! Yeah Sony had their pants down, however Microsoft keeps their pants down all the time and nobody says a damn thing! Sony also shut the psn down so they wouldn't loss more money and gave free identity theft protection for the Playstation Users! Sony also gave away free games and gave the Playstation Home a face lift Extreme Makeover style! If that isn't good enough, ICO can go to hell! This is obviously a shake down because ICO is getting paid off from Microsoft to make Sony look bad because they are scared!
Microsoft puts small Businesses out if they feel threatened by doing things like this! Microsoft has and always be a fraud and a shadow of Apple and never be able to live up to their name! If Bill Gates don't have faith in Microsoft anymore, that should say something!

Agree with this comment 3 up, 0 down Disagree with this comment

Meatloaf
Friday, January 25, 2013 @ 11:28:37 AM
Reply

Cesar_ser_4, look at it this way! If the ICO fined every company only on the grounds of being hacked that about every company out there will be fined! It is not the point Sony got hacked, at least Sony never lied and spend millions of dollars making up for it, ingrate!

Agree with this comment 3 up, 0 down Disagree with this comment

Leave a Comment

Please login or register to leave a comment.

Our Poll

The PS4 exclusive(s) reveal in December will be...
MEGATON! Biggest thing evah!
Pretty great, but not mind-blowing.
Something decent but that's it.
A waste of hype.

Previous Poll Results