Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sony Fined In UK For PlayStation Network Hack

Posted by timothy on from the that's-barely-a-bonus-for-ceos dept.

Sockatume writes "The UK's information protection authority, the ICO, has fined Sony for failing to adequately secure the information of PlayStation Network users. The investigation was triggered by a 2011 security breach, during which personally identifying information (including password hashes) was recovered from a Sony database where it had been stored without encryption. In the ICO's view Sony's security measures were inadequate, and the attack could have been prevented. The £250,000 (ca. $400,000) fine, the largest the ICO has ever imposed, is equivalent to a few pennies per affected user. Sony disagrees with the ICO's decision and intends to appeal."

3 of 86 comments (clear)

  1. My god! by serviscope_minor · · Score: 5, Insightful

    GBP 250,000

    That's a lot of money. I'm sure a multibillion sized corporation will really sit up and take notice. If they keep on doing that, say several hunded thousand times per year it might even affect their bottom line.

    --
    SJW n. One who posts facts.
  2. $400k? That's it? by eth1 · · Score: 5, Interesting

    I'm so sure that will get them to shape up right away...

    Maybe it's time to start enforcing corporate fines as a percentage of current market cap, payable by newly issued stock to the regulatory agencies. That would deflate the value of the existing stock, getting the shareholders to whip the company into line (hopefully). Also, too many repeat offenses would give the regulators increasing control over the company itself. After 5-10 years, allow the company to buy the stock back.

  3. Re:Good ... by 1s44c · · Score: 5, Insightful

    So many of these security stories sound like they had a co-op student do it in an afternoon with no consideration for anything other than getting it done quickly.

    From what I've seen most companies get a qualified, experienced, and smart person who really wants to do a great job to secure these things. Then they demand it's done in a week. Then they demand that for each day in that week that person must attend 6 hours of meetings. Then they make it very clear that security must never affect functionality.

    Not that I'm saying it's just security people that get squeezed into doing a bad job when they really want to do a good one. It happens a lot.