'There is no evidence that encrypted payment card details were accessed'
Sony is planning to appeal a £250,000 fine from the UK Information Commissioner’s Office for failing to protect its customers’ data during the PSN hack in April 2011.
The fine was slapped down by the ICO this morning after it found Sony was in breach of the Data Protection Act.
Personal information of PSN users such as addresses and credit card numbers were believed to have been stolen by hackers, but Sony has disputed whether any of the leaked details could have been used for fraudulent purposes.
ICO deputy commissioner David Smith said the hack was “the most serious breach we have had reported to us” and had no doubt Sony possessed the technical expertise to prevent such an attack.
In a statement however to MCV, Sony Computer Entertainment Europe said that it “strongly disagrees with the ICO’s ruling and is planning an appeal”, and highlighted the ICO's own findings that there was no evidence to suggest credit card details had been accessed.
"SCEE notes, however, that the ICO recognises Sony was the victim of ‘a focused and determined criminal attack,’ that ‘there is no evidence that encrypted payment card details were accessed,’ and that ‘personal data is unlikely to have been used for fraudulent purposes’ following the attack on the PlayStation Network,” read the statement.
"Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient.
"The reliability of our network services and the security of our consumers’ information are of the utmost importance to us, and we are appreciative that our network services are used by even more people around the world today than at the time of the criminal attack."