Sony defiant despite paying ICO fine

Sony has waved the while flag on its appeal against the £250,000 UK fine – issued for the data breach in April 2011 which saw millions of customer records compromised – despite saying it still disagrees with the decision.
The Information Commissioner’s Office (ICO) slapped the monetary penalty on Sony in January this year, nearly two years after it was hit by one of the largest data breaches in history. Even so, some said it was “paltry” compared with the seriousness of the issue.
The hack attack saw the personal details of 77 million worldwide customers – 3 million of which were in the UK – stolen from the PlayStation Network. Data included names, addresses, email addresses, dates of birth and account passwords, with customers’ payment card details also at risk.
The breach sparked uproar among Sony’s customer base, with authorities on both sides of the Atlantic – as well as at the European Commission – berating its slow response, after it took nearly a week to admit there had been an attack.
At the time, EU justice minister Viviane Reding slammed the seven-day delay, and it is thought that Sony’s inaction had a major influence on the 24-hour data breach proposal in the new EU Data Protection Regulation.
On issuing the fine, ICO deputy commissioner and director of data protection David Smith said: “[Sony] is a company that trades on its technical expertise, and there’s no doubt in my mind that it had access to both the technical knowledge and the resources to keep this information safe.
“The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft.”
Having initially said it would appeal, Sony has now conceded defeat because it says it does not want to reveal more information on its security procedures, rather than because of a change of heart.
A company statement read: “After careful consideration we are withdrawing our appeal. This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding. We continue to disagree with the decision on the merits.”