Sony drops appeal against £250,000 ICO fine for PlayStation hack
PS3 and PS4 manufacturer says it still disagrees with the fine, but won't continue to fight against it
Sony has dropped its appeal against the £250,000 fine handed out by the Information Commissioner's Office (ICO) following the PlayStation Network security breach in April 2011.
The PSN attack saw hackers expose personal details about millions of customers including names, email addresses, home addresses and dates of birth. At the time of the attack, Sony said it couldn't guarantee that some credit card information hadn't been stolen and PlayStation users were advised to take precautions with their accounts.
While Sony still disagrees with the fine from the ICO, the firm said that continuing to fight against the £250,000 fee could risk exposing sensitive information about its own networks.
"This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding," said a Sony spokesperson.
"We continue to disagree with the decision on the merits."
The ICO's investigation into the PSN hack, which exposed personal details about up to 70 million users, came to the conclusion the breach could have been prevented if the information had been more securely stored and software more up-to-date. It labelled the PSN breach as one of the most serious there had ever been.
"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority. In this case that just didn't happen, and when the database was targeted - albeit in a determined criminal attack - the security measures in place were simply not good enough," said David Smith, ICO deputy commissioner and director of data protection.
"There's no disguising that this is a business that should have known better. The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft."
The video games industry regularly finds itself the target of cyber criminals, as hackers attempt to access personal data collected by video game publishers and developers. Only this month, Assassin's Creed developer Ubisoft was the victim of hackers, who made off with information including player usernames, email addresses and passwords.