The Information Commissioner’s Office (ICO) attacked Sony for operating a sub-standard security system in what was described as a “serious breach” of the Data Protection Act, and claimed the hack could have been easily prevented.
Speaking with the BBC, a Sony spokesperson said: “Criminal attacks on electronic networks are a real and growing aspect of 21st century life and Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient.”
But according to the ICO’s report, technical developments on PSN led to user passwords becoming unsecured, exposing large amounts of sensitive data such as payment card information.
David Smith, deputy commissioner and director of data protection at the ICO, said: “If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority.
“In this case that just didn’t happen, and when the database was targeted – albeit in a determined criminal attack – the security measures in place were simply not good enough.”
PSN was shut down for several days in May 2011, prompting Sony to offer a variety of free downloadable games as an apology.
Sony maintains that since the hack the network has become more secure.