ICO To Investigate UK Effects Of Sony Data Breach

The Information Commissioner’s Office (ICO) is investigating the recent Sony network breach with a view to taking action on behalf of the company’s three million registered UK users.

An ICO spokesperson said, “The Information Commissioner’s Office takes data protection breaches extremely seriously. Any business or organisation that is processing personal information in the UK must ensure they comply with the law, including the need to keep data secure.”

Another Week Of Silence

Sony has admitted losing 77 million user records in a security breach on 20 April. The company immediately closed down both its PlayStation Network and the Qriocity music service, but it has come under heavy criticism for not revealing the reason to its customers until a week later.

The ICO commented, “We have recently been informed of an incident which appears to involve Sony. We have contacted Sony and will be making further enquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office.”

The commissioner has, however, been criticised lately for a weak showing when it comes to fining companies that contravene the Data Protection Act. In the past year, despite several hundred reported breaches, only four companies have been fined. The penalties amount to a total of £310,000 despite the ICO having the power to levy up to £500,000 in any single action.

Sony now claims that the payment card details, which it maintains may or may not have been stolen, were encrypted. This alleviates some of the pressure, both from the UK and US governments, but analysts feel that, in this case especially, encryption is not enough.

“Sony has said the data was encrypted, but in some ways this is even more disturbing,” said Bill Tarzey, analyst and director at Quocirca. “The thief must have had access to the keys, suggesting a level of privileged user access and authentication had been achieved. It seems Sony is also unsure what has actually been accessed, which implies data access auditing measures were not in place.”

Sony has said that the personal details and the payment card information were stored in separate databases but still seems unsure whether any card details were stolen. It estimates that the websites will be down for at least another week while its data infrastructure is moved to “a new, more secure location”.

Eric Doyle, ChannelBiz

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope. With expertise in security, the channel, and Britain's startup culture, through his TechBritannia initiative

View Comments

  • I think there is a lesson to be learned from Sony in terms of data breaches. If you were a user of the PlayStation network there's some free professional security advice here: http://bit.ly/mP23hU
    I'm really interested to see what the ICO's next actions are going to be on this case...
