Managing Cyber Risks

Sony Cyber Attack and the Privacy Act

Sony’s cyber-attack investigated by the Australian Privacy Commissioner

On 19 April 2011, Sony became aware that hackers had gained access to their Network Platform which held personal information of approximately 77 million customers world-wide. These included contact and credit card details.  The Australian Privacy Commissioner commenced an investigation into whether Sony complied with National Privacy Principles 2.1 and 4.1 under the Privacy Act amongst concerns that Australians' personal information may have been compromised in the cyber-attack,

The Commissioner found that Sony did not breach National Privacy Principle 2.1 which only allows disclosure of personal information for the purpose it was collected, as the release of information was not intended by Sony, but rather the result of a 'sophisticated security cyber-attack' against Sony's Network Platform.

The Commissioner also found that Sony had acted in accordance with the National Privacy Principle 4.1 in taking reasonable steps to protect its customers' personal information from misuse and loss and from unauthorised access, modification or disclosure.

The Commissioner noted that Sony:

  • had physical, network and communication security measures in place, including the encryption of credit card information;
  • temporarily shut down the Network Platform servers and services after the security breach;
  • subsequently advised consumers about the incident via the PlayStation website, the media and by email; and
  • has since implemented various new security measures such as appointing a Chief Information Security Officer.

However, the Commissioner did express concerns that Sony allowed 7 days to go by before notifying its customers, and strongly recommended that Sony review how it applies the OAIC's Guide to handling personal information security breaches in light of the high risk Sony's customers were exposed to after the cyber-attack.

  

Latest News

Finalist in the Insurance Industry Awards

We were pleased to be advised this week that we are a finalist in the Australian Insurance Industry Awards in the category of Most Outstanding Authorised Representative Business for 2019.

Our company very much appreciates the accolade and just being nominated is prestigious to us. The awards ceremony is in August and we will see how we go, but being in the Top 4 is a credit to our team who have worked tremendously hard in the last eight years.

read more

2019 Insurance Brokerage of the Year

CPR Insurance Services are so proud to be awards for the second year in a row, "Australian Insurance Brokerage of the Year (1-5 staff)". To win this award two years running is very much a fantastic achievement and reflects the high standard we have maintained in the last two years.

We very much thank our hard working staff, Ausure Insurance Brokers our licence holder, the Steadfast Group, NIBA and LMI who have supported us with resources and services to meet the demands of our clients.

And of course we thank all our clients for their fantastic support over the eight years of our business, who if not for them, we would not have a business. Thank you.

read more