British authorities have criticised the way Sony handled its hacking breach in 2011 and fined the company £250,000 for what is described as a “serious breach of the Data Protection Act.”
Nearly two years ago, hackers gained access to a poorly protected Sony server that contained reams of customer information, including: names, addresses, dates of birth, passwords and some credit card details. Sony has contested the ruling and has said it plans to appeal.
David Smith, director of data protection at the Information Commissioner’s Office said:
“If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.”
“There’s no disguising that this is a business that should have known better. It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.”
He did add the caveat that the hack had brought about a slight change in public opinion, making people a bit more wary of trusting their details to companies – even big ones.
KitGuru Says: A quarter mill. is a drop in the bucket for Sony. I wouldn’t be surprised if it spends a fair portion of that quantity on legal fees contesting it.