Sony Decides Not to Appeal £250,000 ICO Fine

The announcement had been expected ever since the ICO Twitter account tweeted, "#Sony CEE confirms it will not be appealing £250k penalty after serious #DPA breach", last Thursday. Now Sony has made formal confirmation, although it continues "to disagree with the decision on the merits."

According to a report in Computing, Sony fears that fighting the case 'could risk exposing sensitive information about its own networks.' "This decision," said a Sony spokesperson, "reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding."

It was in January 2013 that the ICO announced the fine. “The penalty we’ve issued today is clearly substantial, but we make no apologies for that," said David Smith, deputy commissioner and director of data protection. "The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft."

The breach itself potentially exposed account details for up to 77 million customers, including names, addresses, email addresses, dates of birth and account passwords. Credit card details may also have been exposed, and although Sony said at the time that card data had been encrypted, it did not explain the strength of the encryption.

Had Sony continued with an appeal it would have been the first time that an ICO decision would have to face the power of corporate lawyers in the courts. For the most part, the sheer cost of legal action against fairly low fines has made appealing an uneconomic proposition. However, if the European Commission's GDPR proposal for fines based on global turnover become enacted in the future (leading to the potential for fines in the billions of dollars range for large corporates), then appeals are likely to become common for large companies in the future.

Sony could have been in the vanguard of that. Meanwhile it has proven to be in the vanguard for attacks against gaming companies. In this month alone, Ubisoft, Nintendo and Konami have all been attacked.

Sony Decides Not to Appeal £250,000 ICO Fine

You may also like

Someone’s got to pay

UK’s ICO Fines Cathay Pacific £500,000 for 2018 Breach

Uber Slapped with £385K ICO Fine for Major Breach

ICO Breach Reports Continue to Rise in Q2

ICO fines Sony £250,000 for loss of personal data in 2011

What’s hot on Infosecurity Magazine?

Alarming Decline in Cybersecurity Job Postings in the US

Quishing Attacks Jump Tenfold, Attachment Payloads Halve

Akira Ransomware Group Rakes in $42m, 250 Organizations Impacted

North Korean Group Kimsuky Exploits DMARC and Web Beacons

New Cyber-Threat MadMxShell Exploits Typosquatting and Google Ads

Russia's Sandworm Upgraded to APT44 by Google's Mandiant

Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

North Korean Group Kimsuky Exploits DMARC and Web Beacons

Report Suggests 93% of Breaches Lead to Downtime and Data Loss

US Government and OpenSSF Partner on New SBOM Management Tool

Russia and Ukraine Top Inaugural World Cybercrime Index

FBI Warns of Massive Toll Services Smishing Scam

Incident Response: Four Key Cybersecurity Measures to Protect Your Business

Is MFA Enough? Strategies for Next-Level Identity Security in 2024

Disinformation Defense: Protecting Businesses from the New Wave of AI-Powered Cyber Threats

Navigating the Evolving Cybersecurity Compliance Landscape in 2024

Adapting to Tomorrow's Threat Landscape: AI's Role in Cybersecurity and Security Operations in 2024

Untangling the Web: Navigating Third-Party Risk in a Hyperconnected World

Infosecurity Magazine Spring Online Summit 2024: Day One

Infosecurity Magazine Spring Online Summit 2024: Day Two

Russia’s Midnight Blizzard Accesses Microsoft Source Code

I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage

LockBit Takedown: What You Need to Know about Operation Cronos

Women in Cybersecurity at Infosecurity Europe 2024