Skip to main content

Sony drops appeal over UK fine levied for data security hack

Sony is giving up its appeal over a £250,000 fine levied against it by the Information Commissioner's Office (ICO) (opens in new tab) over a 2011 data breach.

Sony's decision to drop the appeal comes as it prepares to spend millions of pounds in marketing on trying to generate good publicity around its forthcoming new PS4 games console.

The data breach left millions of PlayStation Network customers vulnerable from hackers. The company had vowed to fight the fine, but the ICO says the company has now dropped its appeal.

Sony claims it has done so in order to avoid revealing information on its security procedures, rather than because it now agrees with the decision. After an investigation by the ICO the fine was levied in the UK at the start of this year.

The hack exposed customers' home addresses, email addresses, dates of birth and account passwords. The ICO said customers' payment card details were also at risk from the hack.

At the time of the fine, ICO's deputy commissioner David Smith said, "Sony, as a leading technology company (opens in new tab), should have been better prepared. It is a company that trades on its technical expertise, and there's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe."

After being fined, Sony said that it would appeal as the breach that exposed the customer data resulted from a "focused and determined criminal attack".

After dropping the appeal Sony said, "After careful consideration we are withdrawing our appeal. This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceedings. We continue to disagree with the decision on the merits of the case."

An ICO spokesperson said, "We welcome Sony Computer Entertainment Europe Limited’s decision not to appeal our penalty notice following a serious breach of the Data Protection Act."