Managing Cyber Risks

Sony Cyber Attack and the Privacy Act

Sony’s cyber-attack investigated by the Australian Privacy Commissioner

On 19 April 2011, Sony became aware that hackers had gained access to their Network Platform which held personal information of approximately 77 million customers world-wide. These included contact and credit card details.  The Australian Privacy Commissioner commenced an investigation into whether Sony complied with National Privacy Principles 2.1 and 4.1 under the Privacy Act amongst concerns that Australians' personal information may have been compromised in the cyber-attack,

The Commissioner found that Sony did not breach National Privacy Principle 2.1 which only allows disclosure of personal information for the purpose it was collected, as the release of information was not intended by Sony, but rather the result of a 'sophisticated security cyber-attack' against Sony's Network Platform.

The Commissioner also found that Sony had acted in accordance with the National Privacy Principle 4.1 in taking reasonable steps to protect its customers' personal information from misuse and loss and from unauthorised access, modification or disclosure.

The Commissioner noted that Sony:

  • had physical, network and communication security measures in place, including the encryption of credit card information;
  • temporarily shut down the Network Platform servers and services after the security breach;
  • subsequently advised consumers about the incident via the PlayStation website, the media and by email; and
  • has since implemented various new security measures such as appointing a Chief Information Security Officer.

However, the Commissioner did express concerns that Sony allowed 7 days to go by before notifying its customers, and strongly recommended that Sony review how it applies the OAIC's Guide to handling personal information security breaches in light of the high risk Sony's customers were exposed to after the cyber-attack.


Latest News

Finalists again in 2020

CPR Insurance Services was very pleased to be nominated again for this year's Insurance Business Magazine awards. Unfortunately the Awards night has been postponed until later due to COVID19, we very much appreciate the accolades this brings us. We have been nominated three years in a row now and won the the award the past two years. It was always going to be very hard to win three in a row.

read more

CPR Insurance Services Awarded Authorised Representative Insurance Business of the Year for 2019

Mandy and Robert Cooper were proud to receive the inaugural Authorised Representative Business of the Year from ANZIIF in the Australian Insurance Industry Awards for 2019.

We share this award with all our staff, Lauren, Guy and Sarah and thank them for their dedication in providing the best possible customer service. We also thank our clients who have made our business what it is today. We thank you all so much.

read more