Sony‘s European branch was fined £250,000 by the UK Information Commissioner’s Office (ICO). ICO made it clear that Sony have made themselves accountable for putting users at risk since they failed to make sure the network was secure enough, and up-to-date.
Granted, ICO does acknowledge that Sony was targeted with a malicious intent, but the entire hack could have been prevented.
“If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough,” says deputy commissioner and director of data protection, David Smith.
There has been no confirmation that credit card details or personal data was accessed during the hacked and used for fraudulent use, but ICO based their ruling off of the risk the breach meant for customers.