Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
Sony fined in UK over PlayStation cyberattack
Thursday - 1/24/2013, 6:08am EST
LONDON (AP) - British regulators have fined Sony 250,000 pounds ($396,100) for failing to prevent a 2011 cyberattack on its PlayStation Network which put millions of users' personal information _ including names, addresses, birth dates and account passwords _ at risk.
Britain's Information Commissioner's Office said Thursday that security measures in place at the time "were simply not good enough." It said the attack could have been prevented if software had been up to date, while passwords were also not secure.
David Smith, deputy commissioner and director of data protection, acknowledged that the fine for a "serious breach of the Data Protection Act" was "clearly substantial" but said that the office makes "no apologies" for that.
"There's no disguising that this is a business that should have known better," he said in a statement. "It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe."
Smith called the case "one of the most serious ever reported" to the data regulator.
Sony, which has previously apologized for the data breach, said Thursday it "strongly disagrees" with the ruling and plans to appeal.
David Wilson, a spokesman for Sony Computer Entertainment Europe Ltd., said the company noted that the ICO recognized that Sony was the victim of a criminal attack and that there is no evidence payment card details were accessed.
"Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defense and working to make our networks safe, secure and resilient," he said in a statement.
Cassandra Vinograd can be reached at http://twitter.com/CassVinograd
(Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.)