Class action lawsuit filed against Sony for security breach

by Griffin McElroy on Apr 27th 2011 6:05PM

As expected, the first federal class action lawsuit addressing the recent PSN security breach has been drawn up and submitted to the Northern District Court of California. The complaint, which was filed by the Rothken Law Firm representing 36-year-old Alabama resident Kristopher Johns (as well as every other affected PSN user), accuses Sony of "failure to maintain adequate computer data security of consumer personal data and financial data," and of failing to take "reasonable care to protect, encrypt, and secure the private and sensitive data of its users."

The suit also accuses the company of waiting too long to inform users about the breach, preventing them from making "an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions." The suit is seeking compensatory damages for the time and costs required to check their credit reports or change their credit or debit card information, as well as compensation for the PSN downtime.

According to IGN, Rothken Law Firm co-counsel J.R. Parker said in a statement, "Sony's breach of its customers' trust is staggering." He added, "Sony promised its customers that their information would be kept private. One would think that a large multinational corporation like Sony has strong protective measures in place to prevent the unauthorized disclosure of personal information, including credit card information. Apparently, Sony doesn't."

A PDF of the court document is embedded after the jump.

Source: Rothken Law Firm, CNET, IGN

Tags: class-action, lawsuit, legal, outage, playstation, ps3, psn, psn-outage-2011, psp, rothken-law-firm, sony

Reader Comments (171)

It wasn't a matter of if, but a matter of when. Surprise!

People should really read the terms and conditions first in it sony says " we are not responsible for any lose of data or damages to from illegal activity"

@manson1994 That's a reference to the data stored on the machine. The privacy statement says that your personal information is safe.

They have breached their own agreement.

@manson1994 This. I'll definitely being opted out this. It is clearly written in the ToS before you sign up for PSN. I say this after having to call in and cancel two credit cards due to all this. :|

There's a federal law that requires public corporations with web sites to encrypt user data, for children doubly so. If the data was truly not protected Sony is in for a big world of hurt.

@Blazeddc You over reacted about your credit cards, Fist you should have some sort of fraud protection, second, 77 million accounts, what are the odds that this small group got your info?

@mmmfishtacos Pretty damn good, considering all of those credit card numbers would take merely seconds to swipe with the right algorithms.

@sortius No they haven't. Sony had a system in place to help ensure the safety of our personal information. Unfortunately that system was not quite as strong as everybody had hoped. Guess what? No security system is immune to being hacked.

Say what you will, but I agree with the Rothken Law Firm.

@AutobotIronhide

it's too bad they don't have any proof of when Sony knew about the information being stolen, because... nobody does.

this should go well.

@A Burger

Yep, no proof at all except for Sony's mass distributed confession.

@A Burger Blaaaah did you read what the lawsuit is charging? It's about Sony's failure to adequately protect the information, not whether or not they knew. Two separate things.

See, this is why I stopped hiring food products to do my taxes...

@A Sandwich

Keep thinking that, fanboy.

@A Burger
Guys, this is a first on the internet. A lawsuit over identity theft is being debated in intense, firey language by a hamburger and a sandwich.

Coming up next: was Obama born in America? We ask the McRib and an order of Cheezybread!

@A Sandwich

I just ate your brother. He was filled with tuna and his skin tasted of wheat.

@A Hamburger

I just ate your friends brother (potato chips).

@A Sandwich and A Hamburger

How do you guys feel?

@Marco le Polo

They can only feel delicious, silly.

@AutobotIronhide

Wouldn't they first have to know WHAT security measures Sony had in place before accusing them of not having enough? And who defines what "enough" is? I think this is going to be a difficult case to prosecute.

If you put your valuables in a bank's safety deposit box and they get robbed, you can't sue the bank for not having enough security.

Now, if they find that the information wasn't encrypted, or had no protection at all, they might have a case. But, if they had systems in place, and the systems were compromised, they're walking away empty handed.

@AutobotIronhide

I usually prefer burgers, but on this situation, I'd rather go with a sandwich. Sorry, burger.

@A Burger

You suck as a sandwich.

@A Burger
Food fight!

@Bubbameister33

Woah now, you're getting a little too philosophical here. How exactly does one feel their own deliciousness? We'll need more than science for this one.

@PR0F3TA

Not only am I NOT gaining ANY kind of profit from this situation whatsoever, but I am also crossed at Sony for not having better security.

@Troy Powers

Read the comments from the other PSN from today. Because passwords were stolen that automatically means Sony didn't have them encrypted. If all the hackers got were hashes they couldn't do anything with them.

Sony's own PR people. who are none too swift in the first place, may have lost Sony this lawsuit already based on the information they've already released.

If Sony's smart (and their PR people have already proven they're idiots so Sony's leadership better hope their lawyers are smarter) they'll settle this lawsuit out of court quickly.

@GMUHistorian

Meh...I disagree. They probably said "passwords" instead of "hashes" because the average consumer knows what that means. At this point, no one knows, but Sony. Again, if the info wasn't encrypted, then I'd say they didn't have "enough" security. I mean that's pretty basic. If you have completely unencrypted password and credit card data on a server, you're just a jackass. I'm no expert, but depending on the level of the encryption, the data could be copied and cracked later. If it's salted and encrypted, the data is going to be almost impossible to crack.

I guess it'll all come out in the wash.

@Zacxx201 http://kontraband.se/blog/wp-content/uploads/2009/07/clapping.gif

@Once known as Shadsy
highlarious!

@Once known as Shadsy And do tell what's your definition of "adequately"?

The fact that the protection failed (and no protection is completely hackproof), doesn't mean it wasn't adequate.

generic terms don't bode well for lawsuits.

enjoy your check for $1, while the lawyers rake in the big bucks, on the rare chance that this lawsuit is even successful, clowns.

lol

@A Burger

This lawsuit is not JUST about money.

@A Burger
Or, you know, it's about punishing Sony for failing to adequately protect the personal info of their consumers?

@Magetto

oh yeah, big punishment. Settling for a small sum and writing out a tiny check, then being forgotten about in a month.

totally worth it.

@A Burger

We'll have the last laugh when thousands of your kind are chosen from the dollar menu and consumed.

@southernpredator

"This lawsuit is not JUST about money"

HA
HAHA
HAHAHA

HAHAHAHAHAHA...

;_; so funny

@PR0F3TA

isn't it thought?

haha

@PR0F3TA

Class actions do generally just make the lawyers rich, but if they can force companies to make needed changes they aren't always a waste. So, yes, he's correct in saying it isn't always just about the money. That depends solely on party in question (i.e. the lawyers, the corporation, the consumers, etc...)

@anoffday

lol

@A Burger
damn, the people who got into and paid for law school, passed the bar exam, and put the time and effort to form a case on how their client's privacy was molested get the money. life sucks.

About time!

Well that didn't take long. Kind of ironic it's being filed in California.

@Faceless Troll

Less like "Ironic", More like "Expected".

@My Prerogative *slow clap*

Having to change all my passwords, and then canceling my cards (as soon as I remember/find out which one(s) was tied to my PSN account) is a huge pain in the ass.
Sony didn't have their customers privacy and protection in mind, and I kind of think they deserve all of this. I never hacked my PS3, bought close to 50 retail games, and over hundreds of PSN content, but they should have never went about their anti-hacking tactics the way that they did. I hope most of us gamers wont be affected with credit fraud or identity theft, and that this is wake up call for Sony.

@mywhitenoise I also think some of your anger should be directed at the ones who actually took the time to HACK the PSN. Everyone just keeps blaming Sony, but these people are out there still and can go after something else when they feel like it.

@mywhitenoise

How much money has changing your passwords and replacing your credit cards cost you?

I guess we're two different kinds of people, if someone found a way to break into my house and robbed me, I would be more upset with the robbers. I guess you would be more upset with yourself because you didn't know exactly how someone would break in and steal your stuff, before it happened.

@WillyLo
Why should I blame hackers? They were just trying to initially put Linux back onto their consoles (sony removed it on all Slim designs first, and later removed it from every PS3). I believe you should be allowed to modify your console if you have the means to, that doesn't mean I support stealing content, though.
Sony were stupid enough to believe they could actually stop hackers and pirates, when they clearly failed doing that with the PSP. They did shit for securing our private and personal information, they had everything stored in plain text. This is a nightmare for everyone involved, except for hackers and pirates. They won.

@mywhitenoise
"Why should I blame hackers?"

Maybe because they are the ones who stole everything?

@mywhitenoise

"Why should I blame hackers? They were just trying to initially put Linux back onto their consoles..."

Seriously?!!?

@libregkd
You're right. I'm getting the bad hackers confused with the "good" ones. Everyone seems to blend the two together, and I mistakenly did the same.

@Troy Powers

you all say sh!t like "Seriously?!?!?" but have you read what people here have been typing lately? They ALL blame Sony and give the actual robbers a free pass. This whole issue is a mess, and on top of that when you add a bunch of greedy self demanding gamers of this gen, it only gets worse. I blame sony for not telling us our info MAY have been stolen, they waited till they knew it WAS stolen. Other then that SONY DOES NOT CARRY THE BLAME ON PSN DOWNTIME... people talking of getting compensation for 2 weeks of no free online gaming?! i mean wtf have you gamers become.

@PR0F3TA
PR0F3TA you are so right.
I dont know what the law sued going to get, but really is stupid, and is just a waste of time. The people are blaming Sony, but I don't get it, banks and other companies get breached and they stay quiet. Sony informs us once they were sure what was compromised, although I do say it was wrong of them not detailing stuff more sooner, but I do give them credit for trying to keep everything calm.

Now if on Thursday they announced that they detected and intrusion don't people supposed to assume the worst and go and start preparing a plan of action in case something gets stolen. Is always handy to be prepared for everything.

Another note, people keep blaming Sony, but the Hackers (Crackers) are the ones that stole our information, and probably these people who stole our information have been trying to breached the system for days, looking for holes and making sure not to leave any tracks, and most probably was more than one person, or just a very good Hacker.

I'm tired of people getting angry over this, stop acting childish and move on already, Sony did their best to secure our data, and they did shutdown PSN Service, it would have been worst that if PSN service keep working they could have done more damage and you all wouldn't even noticed, not until later in a month that we get an email stating that they were breached in April and all your information was stolen.

| 1 | 2 | 3 | 4 | Most Recent | Next 50 Comments

Sorry, you must be logged in to leave a comment.

Breaking News

The most popular posts
in the last 7 days

Rumor: Japanese Vita devs jumping ship, Sony responds 124 comments
Buy 2 get 1 free on select Vita games at GameStop starting today 114 comments
Sony's Rohde: proprietary Vita cards 'completely necessary' to combat piracy 112 comments
Sony: Call of Duty blasting onto Vita this fall 89 comments
Asura's Wrath review: Wrecking the curve 84 comments

Class action lawsuit filed against Sony for security breach

Reader Comments (171)

Posted: Apr 27th 2011 6:07PM krisr2005 said

Posted: Apr 27th 2011 7:11PM manson1994 said

Posted: Apr 27th 2011 7:40PM sortius said

Posted: Apr 27th 2011 7:43PM Blazeddc said

Posted: Apr 27th 2011 8:11PM jsx said

Posted: Apr 27th 2011 11:40PM mmmfishtacos said

Posted: Apr 28th 2011 3:23AM NIck PSN ID Rattlehead91 said

Posted: May 4th 2011 8:20PM Bryangst said

Posted: Apr 27th 2011 6:08PM AutobotIronhide said

Posted: Apr 27th 2011 6:10PM A Burger said

Posted: Apr 27th 2011 6:16PM A Sandwich said

Posted: Apr 27th 2011 6:17PM Once known as Shadsy said

Posted: Apr 27th 2011 6:17PM A Burger said

Posted: Apr 27th 2011 6:22PM Once known as Shadsy said

Posted: Apr 27th 2011 6:23PM Marco le Polo said

Posted: Apr 27th 2011 6:27PM Bubbameister33 said

Posted: Apr 27th 2011 6:33PM Troy Powers said

Posted: Apr 27th 2011 6:35PM AutobotIronhide said

Posted: Apr 27th 2011 6:59PM Captain Planet Planeteer Power said

Posted: Apr 27th 2011 7:05PM Zacxx201 said

Posted: Apr 27th 2011 7:06PM Blackbird said

Posted: Apr 27th 2011 7:09PM AutobotIronhide said

Posted: Apr 27th 2011 7:24PM GMUHistorian said

Posted: Apr 27th 2011 7:40PM Troy Powers said

Posted: Apr 27th 2011 8:25PM Jamvaan said

Posted: Apr 28th 2011 4:23PM Vero Fox said

Posted: Apr 28th 2011 6:00PM Abriael said

Posted: Apr 27th 2011 6:09PM A Burger said

Posted: Apr 27th 2011 6:12PM southernpredator said

Posted: Apr 27th 2011 6:20PM Magetto said

Posted: Apr 27th 2011 6:24PM A Burger said

Posted: Apr 27th 2011 6:39PM anoffday said

Posted: Apr 27th 2011 6:46PM PR0F3TA said

Posted: Apr 27th 2011 7:00PM A Burger said

Posted: Apr 27th 2011 8:41PM Vidikron said

Posted: Apr 28th 2011 10:04PM shaggyc said

Posted: Apr 28th 2011 10:15PM (Unverified) said

Posted: Apr 27th 2011 6:09PM southernpredator said

Posted: Apr 27th 2011 6:10PM Faceless Troll said

Posted: Apr 27th 2011 6:15PM My Prerogative said

Posted: Apr 27th 2011 7:28PM Juri said

Posted: Apr 27th 2011 6:12PM mywhitenoise said

Posted: Apr 27th 2011 6:21PM WillyLo said

Posted: Apr 27th 2011 6:24PM Mr Hett said

Posted: Apr 27th 2011 6:31PM mywhitenoise said

Posted: Apr 27th 2011 6:36PM libregkd said

Posted: Apr 27th 2011 6:36PM Troy Powers said

Posted: Apr 27th 2011 6:39PM mywhitenoise said

Posted: Apr 27th 2011 6:53PM PR0F3TA said

Posted: Apr 27th 2011 7:36PM UrielItachi said

Info

Description

MSRP

Release Date

Genre

Developer

Publisher

Rating

Breaking News

Amnesia: A Machine for Pigs is the next title from Frictional Games and Dear Esther dev

Featured Stories

Building A Machine for Pigs and expanding the universe of Amnesia

Persona 3, Tactics Ogre, and other PSP RPGs that will live on my Vita

Tekken 3D Prime Edition review: Far from prime edition

The most popular postsin the last 7 days

Engadget

TUAW

Massively

WoW

The most popular posts
in the last 7 days