#Sony CEE confirms it will not be appealing £250k penalty after serious #DPA breach http://www.ico.org.uk/news/latest_news/2013/ico-news-release-2013 …
Sony Drops Appeal Against Monetary Fine Resulting From The 2011 Security Breach
In 2011, close to 77 million PlayStation Network accounts were affected by a large security breach. The Information Commissioner’s Office (ICO) fined Sony £250,000 stating that it should have been better prepared for the attack.
ICO is an independent European authority, “set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.”
The ICO’s deputy commissioner David Smith said of Sony when it announced its intent to fine the company, “It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.”
Sony disagreed with the fine, and attempted to appeal it. Recently however, Sony has decided to withdraw its appeal and pay the fine. A spokesperson for Sony reached out to European technology website V3 stating, “After careful consideration we are withdrawing our appeal. This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding. We continue to disagree with the decision on the merits.”
This sentiment from Sony was confirmed by the official ICO Twitter account:
The argument here between Sony and ICO is a difficult one to quantify. ICO’s Smith has no doubt in his mind that Sony could have prevented the breach, but is there a way to prove that without a doubt? If there’s is one thing hackers are consistent about, it’s their ability to bypass nearly any security system when they have the right motivation. The only thing Sony might have been able to prevent is becoming a target. Whether it could have prevented a breach with its “technical expertise” is impossible to determine. I understand Sony’s desire to fight the fine, but Sony does deserves a slap on the wrist. It’s fair to say that the Internet has forgiven Sony for the breach at this point, but it needs to be understood – by all companies that store private data – that there are consequences for inadequate security. It’s a good thing that Sony is paying the fine – even if it is begrudgingly.