Sony given official reprieve over hack

Powered by SC Magazine

Privacy Commissioner to take no further action.

Australia's Privacy Commissioner has cleared Sony of wrongdoing after finding the company's security was up to scratch when its PlayStation service was hacked in April.

Commissioner Timothy Pilgrim asked Sony for details of its security architecture to ascertain whether the hack of Sony had broken local laws, despite its infrastructure being located outside of Australia.

Some 77 million user records were compromised during the two day outage, including some 1.6 million Australian accounts.

The investigation concluded there was sufficient infrastructure in place to protect the records and cleared Sony of wrongdoing.

The finding relied on information provided by Sony Computer Entertainment Australia to the Office of the Australian Information Commissioner (OAIC), according to a source close to the matter.

Sony would have breached the Australian Privacy Act if it had inappropriately disclosed customer information to a third party, or did not adequately protect data, the OAIC said.

“The evidence showed that no personal information was disclosed to unauthorised parties; rather the information was accessed as a result of a sophisticated security cyber-attack against the network platform,” the investigation's report said.

The report assessed the hacked security infrastructure against two National Privacy Principles.

The first, 2.1, stated that personal information could only be used or disclosed “for the primary purpose for which it was collected”.

The second, 4.1, stated that organisations must “take reasonable steps” to protect personal information from “misuse and loss and from unauthorised access, modification or disclosure”.

Australia's privacy guidelines do not contain deadlines for companies to inform customers when their information had been compromised, though the office found Sony's week-long wait before it informed customers was too long.

Pilgrim said Sony's Australian chapters should have quickly notified local customers of the hack instead of waiting for the delayed notification from Europe.

“This delay may have increased the risk of a misuse of the individuals' personal information,” he said.

“The Privacy Commissioner strongly recommended that Sony review how it applies the OAIC's guide to handling personal information security breaches.”

Copyright © SC Magazine, Australia

Sony given official reprieve over hack
Top Stories
Content, cost & constant innovation: How Foxtel plans to take on Netflix
Nell Payne inhabits the “brave new world of blue strings and networking”. Just don't ask her to put a TV screen on your microwave.
Sending in the drones
Margins are getting tighter in the industrial services industry, so Transfield Services' Stephen Phillips looks offshore - and to the skies - for the solutions he needs to keep pace.
Westpac fires starting pistol on core banking upgrade
St George readies itself for move to Celeriti.
Sign up to receive iTnews email bulletins
Latest Comments
Should Optus make a bid for iiNet?

   |   View results