Sony Didn’t Break The Law When Somebody Else Hacked Them

Sony Didn’t Break The Law When Somebody Else Hacked Them

The law can be a strange beast sometimes. Take Sony and Australia, for example: earlier this year, when the PlayStation Network was hacked into, an investigation was launched targeting Sony, to see whether the company had broken Australian law.

Australia’s Privacy Act mandates that all bodies holding confidential information must take “reasonable steps” to ensure that information is stored in a safe and secure location. So when 1,560,791 Australian PSN accounts were hacked into as part of the April attacks, the country’s Privacy Commission were forced to act.

That investigation wound up today, Privacy Commissioner Timothy Pilgrim announcing that Sony had been found to be in total compliance with the act, saying “Sony took reasonable steps to protect its customers’ personal information, including encrypting credit card information and ensuring that appropriate physical, network and communication security measures were in place”.

As a technicality (I hope it’s just that and this wasn’t a serious investigation, seeing as it would have been my taxpayer money funding it), Pilgrim could also reveal that the Commission had found “no evidence that Sony intentionally disclosed any personal information to a third party”.

“Rather, its Network Platform was hacked into.”

Phew. Glad we got that cleared up.

Sony did not breach Australian privacy law, says Privacy Commissioner Timothy Pilgrim [The Australian]


  • Didn’t Sony admit that some private account information was stolen during the hacks? I know that some “scene hackers” found that CC info is not encrypted when sent to and from Sony

    • Credit Card information IS Encrypted when sent back and forth. The “scene hackers” found out that with custom firmware you could send un-encrypted information.

      As for information stolen, the breach meant that the hackers could of accessed basic account information (account names, encrypted passwords, etc). There was no evidence that information was stolen, but it could of been.


    Next time call me, I’ll tell you when you’re about to blow a bunch of taxpayer’s money and I’ll only charge half as much.

  • If you think back to when this all happened, the outrage wasn’t so much about them being hacked, but more that it took them so long to admit it, and they didn’t disclose to their customers what information was actually stolen until long after the fact.

    Now if their delays in providing this information are in fact legal then there is something wrong with our privacy laws.

Show more comments

Log in to comment on this story!