Sony Accepts £250,000 PlayStation Network Hacking Fine

Sony has dropped its appeal against a £250,000 fine that was issued following a substantial cyber-attack on PlayStation users in 2011.

The British Information Commissioner's Office (ICO) ordered Sony to pay the fine in January, accusing the company of failing to provide adequate cyber-security to protect PlayStation users.

"If you are responsible for so many payment card details and log-in details then keeping that personal data secure has to be your priority," said David Smith, ICO's Deputy Commissioner and Director of Data Protection. "In this case that just didn't happen, and when the database was targeted - albeit in a determined criminal attack - the security measures in place were simply not good enough."

Sony appealed the fine, telling the BBC it "strongly disagreed" with the ICO's decision. However, the PlayStation 4 developer has now dropped the appeal, explaining that, though it still disagreed with the verdict, it would not risk further exposure of user information by presenting evidence to ICO:

"This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding," a Sony spokesman said. "We continue to disagree with the decision on the merits."

Forced offline

Personal and financial information of more than 70 million PlayStation Network (PSN) customers was acquired in a cyber-attack which occurred between 17 and 19 April. Following the attack, on 20 April, Sony was forced to take the PSN offline, re-launching it along with a firmware update on 14 May.

In response to consumer complaints, Sony offered free games to users as well as free memberships for its PlayStation Plus discount scheme.

Several other videogame companies have also been the subject of recent cyber-attacks. Ubisoft, creator of Assassin's Creed, recently saw its U-Play service targeted by hackers, who retrieved information such as names, email addresses and passwords. No financial data was obtained in the Ubisoft attack.

Konami reported that during a three-week period between June and July, there were 35,000 unauthorised logins to its Konami ID website.

Hackers also breached Nintendo's "Club Nintendo" service, with the company reporting that between 9 June and 4 July, 25,000 unauthorised logins had been successful.

Unlike the PlayStation Network breach, neither of these attacks gave hackers access to any financial data.