Sony given official reprieve over hack

Powered by SC Magazine

Privacy Commissioner to take no further action.

Australia's Privacy Commissioner has cleared Sony of wrongdoing after finding the company's security was up to scratch when its PlayStation service was hacked in April.

Commissioner Timothy Pilgrim asked Sony for details of its security architecture to ascertain whether the hack of Sony had broken local laws, despite its infrastructure being located outside of Australia.

Some 77 million user records were compromised during the two day outage, including some 1.6 million Australian accounts.

The investigation concluded there was sufficient infrastructure in place to protect the records and cleared Sony of wrongdoing.

The finding relied on information provided by Sony Computer Entertainment Australia to the Office of the Australian Information Commissioner (OAIC), according to a source close to the matter.

Sony would have breached the Australian Privacy Act if it had inappropriately disclosed customer information to a third party, or did not adequately protect data, the OAIC said.

“The evidence showed that no personal information was disclosed to unauthorised parties; rather the information was accessed as a result of a sophisticated security cyber-attack against the network platform,” the investigation's report said.

The report assessed the hacked security infrastructure against two National Privacy Principles.

The first, 2.1, stated that personal information could only be used or disclosed “for the primary purpose for which it was collected”.

The second, 4.1, stated that organisations must “take reasonable steps” to protect personal information from “misuse and loss and from unauthorised access, modification or disclosure”.

Australia's privacy guidelines do not contain deadlines for companies to inform customers when their information had been compromised, though the office found Sony's week-long wait before it informed customers was too long.

Pilgrim said Sony's Australian chapters should have quickly notified local customers of the hack instead of waiting for the delayed notification from Europe.

“This delay may have increased the risk of a misuse of the individuals' personal information,” he said.

“The Privacy Commissioner strongly recommended that Sony review how it applies the OAIC's guide to handling personal information security breaches.”

Copyright © SC Magazine, Australia

Sony given official reprieve over hack
Top Stories
Time management tips for CIOs
[Blog post] How to get to the genba.
Making a case for collaboration
[Blog post] Tap into your company’s people power.
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
Sign up to receive iTnews email bulletins
Latest Comments
Which is the most prevalent cyber attack method your organisation faces?

   |   View results
Phishing and social engineering
Advanced persistent threats
Unpatched or unsupported software vulnerabilities
Denial of service attacks
Insider threats