ICO To Investigate UK Effects Of Sony Data Breach

The Information Commissioner’s Office (ICO) is investigating the recent Sony network breach with a view to taking action on behalf of the company’s three million registered UK users.

An ICO spokesperson said, “The Information Commissioner’s Office takes data protection breaches extremely seriously. Any business or organisation that is processing personal information in the UK must ensure they comply with the law, including the need to keep data secure.”

Another Week Of Silence

Sony has admitted losing 77 million user records in a security breach on 20 April. The company immediately closed down both its PlayStation Network and the Qriocity music service, but it has come under heavy criticism for not revealing the reason to its customers until a week later.

The ICO commented, “We have recently been informed of an incident which appears to involve Sony. We have contacted Sony and will be making further enquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office.”

The commissioner has, however, been criticised lately for a weak showing when it comes to fining companies that contravene the Data Protection Act. In the past year, despite several hundred reported breaches, only four companies have been fined. The penalties amount to a total of £310,000 despite the ICO having the power to levy up to £500,000 in any single action.

Sony now claims that the payment card details, which it maintains may or may not have been stolen, were encrypted. This alleviates some of the pressure from both the UK and US governments, but analysts feel that, in this case especially, encryption is not enough.

“Sony has said the data was encrypted, but in some ways this is even more disturbing,” said Bill Tarzey, analyst and director at Quocirca. “The thief must have had access to the keys, suggesting a level of privileged user access and authentication had been achieved. It seems Sony is also unsure what has actually been accessed, which implies data access auditing measures were not in place.”

Sony has said that the personal details and the payment card information were stored in separate databases but still seems unsure whether any card details were stolen. It estimates that the websites will be down for at least another week while its data infrastructure is moved to “a new, more secure location”.

Eric Doyle, ChannelBiz

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope. With expertise in security, the channel, and Britain's startup culture, through his TechBritannia initiative

View Comments

  • I think there is a lesson to be learned from Sony in terms of data breaches. If you were a user of the PlayStation Network, there's some free professional security advice here: http://bit.ly/mP23hU
    I'm really interested to see what the ICO's next actions are going to be on this case...
