Data breach at Sony results in £250k fine from ICO due to the breach being deemed preventable
In April of the specified year, the PlayStation Network (PSN) suffered a significant data breach, with hackers stealing millions of customers' data. The attack was part of a campaign launched by the hactivist group Anonymous.
The head of Sony Computer Entertainment Europe at the time, Andrew House, was at the helm during this cyber assault. The database targeted in the attack was subjected to a determined criminal attack, as stated by the UK's data watchdog.
The security measures in place during the attack were not sufficient, according to the UK's data watchdog, and the breach could have been prevented. Sony, it seems, did not keep its security software up to date, and customer passwords were not encrypted by the company.
In light of these findings, the ICO deputy commissioner and director of data protection, David Smith, has expressed concern. Smith stated that keeping personal data secure should be a priority, especially for a company handling payment card details and log-in details. In this case, the security measures in place were not good enough, according to Smith.
Despite these shortcomings, Sony appreciates that its network services are used by more people around the world now than at the time of the attack. The company continually works to strengthen its systems, building in multiple layers of defense and working to make its networks safe, secure, and resilient.
In response to the ICO's ruling, Sony Computer Entertainment Europe disagrees and plans to appeal. Regardless, the reliability of Sony's network services and the security of consumers' information are of utmost importance to Sony.
This incident serves as a reminder for all companies to prioritize data security and ensure their systems are always up-to-date and protected against potential threats.
