The UK data protection regulator has issued a £250,000 fine to the gaming and electronics giant Sony following a hacking attack on Sony’s PlayStation Network Platform in April 2011.

The hacking resulted in the exposure of a number of customers’ names, addresses, email addresses, dates of birth, account passwords and payment details. The Information Commissioner’s Office (ICO) found that Sony had failed to provide adequate security measures to protect its customers’ personal information.
The fine is only the fourth such fine to be issued by the ICO in a case involving a private company and it is the largest fine to date against a private company under the UK Data Protection Act. The size of the fine reflects the size of the company, the resources available to prevent such an occurrence and the nature and quantity of the information that was exposed.

David Smith of the ICO said: “if you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority….. the security measures in place were simply not good enough’’.

Following the breach, Sony rebuilt its Network Platform to ensure that the personal information it processes is kept secure.

The case highlights the importance of maintaining a high level of security in relation to personal data, not only for the protection of consumers but also in terms of an organisation’s reputation.

Contributed by John Magee