UK authorities have hit Sony Entertainment Europe with a £250,000 fine following a probe into the hack of its PlayStation network in April 2011.
The episode, which saw the sensitive data of users put at risk, was described as a “serious breach” of the Data Protection Act by the ICO (Information Commissioner’s Office). The PlayStation network was knocked offline for several days which led to passwords becoming insecure, the ICO said, leaving names, addresses, dates of birth and card information vulnerable.
The hack was deemed preventable, with the ICO criticising Sony for not having up-to-date security software.
"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," said David Smith, deputy commissioner and director of data protection at the ICO. "In this case that just didn't happen, and when the database was targeted - albeit in a determined criminal attack - the security measures in place were simply not good enough."
Sony told the BBC it "strongly disagreed" with the ruling and that it planned to appeal.
"Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient," a spokesman for the firm added.