LONDON – British regulators fined Sony 250,000 pounds ($396,100) on Thursday for having insufficient security measures to prevent a cyberattack on its PlayStation Network.
The attack in April 2011 targeted credit card information through Sony’s PlayStation Network and put millions of users’ personal information — including names, addresses, birth dates and account passwords — at risk.
Britain’s Information Commissioner’s Office said Thursday that security measures in place at the time “were simply not good enough.” It said the attack could have been prevented if software had been up to date, while passwords were also not secure.
David Smith, deputy commissioner and director of data protection, acknowledged that the fine for a “serious breach of the Data Protection Act” was “clearly substantial” but said that the office makes “no apologies” for that.
“There’s no disguising that this is a business that should have known better,” he said in a statement. “It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.”
Smith called the case “one of the most serious ever reported” to the data regulator.