Data Theft

Data Theft

Sony has filed an ‘‘initial report’’ to the Office of the Irish Data Protection Commissioner on the loss of names, addresses, passwords and other personal data of over 400,000 Irish PlayStation account holders.

As many as 60,000 Irish credit card accounts were also exposed during an internet hacking episode which affected 100 million people worldwide.

The report on the data breach is understood not to contain forensic details on how hackers accessed the data at the end of April.

Sony is unlikely to face any sanction under Irish data protection law, which is based on a voluntary code. Despite several lawsuits in the US, experts say that the company will also escape legal action from affected Irish subscribers, whose only legal remedy lies in proving a breach of the company’s duty of care.

Credit card companies have not yet reported any significant rise in fraud associated with the Sony internet hack.

Under Irish law, companies are not currently required to report details of a data breach either to the Data Protection Commissioner or to the data subjects themselves.

‘‘The law hasn’t followed pace, and legislation is very far behind the crime," said Conor Flynn, technical director with Rits, an IT security firm. ‘‘This is as much of an issue for the National Consumer Agency as the Data Protection Commissioner. As a consumer issue, we should be able to add teeth to legislation in this regard."

The hacking attack is one of the most serious data breaches ever to affect Irish internet users.