Officials at Sony woke up today to a very interesting problem. According to this article from Ars Technica, Sony is being fined $395,000 by a UK government body for the security breach that was suffered by users of PlayStation Network back in 2011. At first, this doesn’t seem fair to Sony. People and organizations should not have to be punished for being hacked. However, the UK argues that Sony, being such a huge corporation, should have been able to prevent this from happening. Back in 2011 when the network was breached, users’ dates of birth, names, email addresses, home addresses, passwords, and possibly credit card information were gleaned from Sony. The breach was so bad that Sony engineers had to shut down PlayStation Network for three weeks in order to rebuild it.
According to the Information Commissioner’s Office (the body suing Sony), the network breach “could have been prevented if the software had been up-to-date, while technical developments also meant passwords were not secure.” They believe that Sony could have prevented all of this sensitive information from being leaked if their software had been current and secure. How have they deduced this? The ICO says a “data controller failed to take the action required [redacted] to address the vulnerability even though appropriate updates were available.”
Unsurprisingly, Sony disagrees with the ruling and plans to appeal, even though $395,000 is pocket change to the corporation. The most interesting thing about this situation is that nothing has been said about the 77 million users who were affected by the security breach. The ICO has not said anything about what their plans are for the money if they win the case in court, but would the users get some of that money? It does not sound like it. In 2011, Sony offered all PlayStation Network users an incentive for having suffered the security breach, but that incentive is nothing compared to the bank cards and addresses that were leaked, possibly causing people to lose their hard-earned money.