Thursday 31 October 2013

Sony drops hacking fine appeal over security concerns


Sony has dropped its appeal over a £250,000 fine levied by the Information Commissioner's Office (ICO) in relation to a 2011 hack on Sony's PlayStation Network. The company maintains that it disagrees with the fine but that an appeal could compromise its current security measures.

The hack took place in April 2011 and left customer details exposed. These details included names, passwords, email addresses, postal addresses and dates of birth. Sony had also admitted at the time that it could not rule out the chance that some credit card information had been accessed.

The ICO criticised Sony for not having up-to-date software and not providing adequate security for its customers' data. "If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," said David Smith, Deputy Commissioner and Director of Data Protection.

"The penalty we've issued today is clearly substantial, but we make no apologies for that. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft."

The breach led Sony to completely rebuild its platform with more advanced security measures and alterations to prevent hackers from repeating their original attack. The company is now citing its security-consciousness as the reason for dropping its plan to appeal the fine.

"After careful consideration we are withdrawing our appeal," said a spokesperson for Sony. "This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding. We continue to disagree with the decision on the merits."

The explanation raises the curious potential scenario whereby appealing a fine over security practices and data hacking could lead to more security breaches and hacks.

Wired.co.uk contacted the ICO to ask whether safeguards are in place to prevent such an event. The ICO responded, stating: "This would be a matter for the First Tier Tribunal, where any appeal hearing would take place. However the Tribunal does have measures in place to ensure that information that should be kept out of the public domain is not released during the course of a hearing."
