Sony unit fined in U.K. for info leak

Kyodo

The Information Commissioner’s Office, Britain’s privacy watchdog, said Thursday it has fined Sony Computer Entertainment Inc. £250,000 (about ¥35 million) for leaking the personal information on its online gaming customers in 2011.

The penalty was imposed over a cyber-attack targeting a U.S. unit of Sony Corp. that led to the theft of the personal information of around 100 million PlayStation Network customers around the world. The information included their names and addresses.

The ICO said its investigation found that the data protection measures taken by SCE, as the gaming unit is known, were insufficient and that the theft could have been prevented if it had appropriately updated the related software.

David Smith, deputy commissioner and director of data protection at the ICO, said the penalty is “clearly substantial.” He said, “The case is one of the most serious ever reported to us. It directly affected a huge number of consumers, and at the very least put them at risk of identity theft.”

An SCE representative said the company does not agree with the ICO’s decision and is considering challenging it.