The Information Commissioner’s Office (ICO) is investigating the recent Sony network breach with a view to taking action on behalf of the company’s three million registered UK users.
An ICO spokesperson said, “The Information Commissioner’s Office takes data protection breaches extremely seriously. Any business or organisation that is processing personal information in the UK must ensure they comply with the law, including the need to keep data secure.”
The ICO commented, “We have recently been informed of an incident which appears to involve Sony. We have contacted Sony and will be making further enquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office.”
The commissioner has, however, been criticised lately for a weak showing when it comes to fining companies that contravene the Data Protection Act. In the past year, despite several hundred reported breaches, only four companies have been fined. The penalties amount to a total of £310,000 despite the ICO having the power to levy up to £500,000 in any single action.
Sony now claims that the payment card details, which it maintains may or may not have been stolen, were encrypted. This alleviates some of the pressure, both from the UK and US governments, but analysts feel that, in this case especially, encryption is not enough.
“Sony has said the data was encrypted, but in some ways this is even more disturbing,” said Bill Tarzey, analyst and director at Quocirca. “The thief must have had access to the keys, suggesting a level of privileged user access and authentication had been achieved. It seems Sony is also unsure what has actually been accessed, which implies data access auditing measures were not in place.”
Sony has said that the personal details and the payment card information were stored in separate databases but still seems unsure whether any card details were stolen. It estimates that the websites will be down for at least another week while its data infrastructure is moved to “a new, more secure location”.
I think there is a lesson to be learned from Sony in terms of data breaches. If you were a user of the PlayStation network there's some free professional security advice here: http://bit.ly/mP23hU
I'm really interested to see what the ICO's next actions are going to be on this case...