Go figure: the recent PSN data breach has prompted a class action suit against Sony. Filed in a California district court by the Rothken law firm, the 22-page complaint accuses Sony of failing to adequately secure the sensitive information of its users. The company revealed Wednesday that it stored the contact information, age, location, and usernames/passwords of some 77 million PSN accounts in an unencrypted state. Hackers gained access to this data during a security breach that has left PSN offline since last week.
The filing asserts that some PSN users have begun to experience losses from fraudulent use of credit card information swiped in the breach, but we're not sure how accurate that is. Many users have reported that their financial accounts have been fraudulently charged in recent days, but Sony has repeatedly stated that there is no evidence to suggest credit card numbers were taken. Furthermore, the company kept credit information encrypted on its servers, so we don't know what to make of users' claims just yet. Feel free to chime in if you've been affected.
According to the filing, Sony's negligence violates the Payment Card Industry Standard, a regulation that protects consumers from having their credit card and transaction information stored without the proper security requirements. The suit blames Sony for not informing customers that their data was being stored by insecure methods. It also accuses the company of taking an unreasonably long time to announce the data breach in an official capacity, leaving users with insufficient time to cancel credit cards and change passwords.
"Sony's breach of its customers' trust is staggering," said Rothken co-counsel J.R. Parker. "Sony promised its customers that their information would be kept private. One would think that a large multinational corporation like Sony has strong protective measures in place to prevent the unauthorized disclosure of personal information, including credit card information. Apparently, Sony doesn't." The firm seeks compensation for the time and money users spent for credit monitoring and replacement – not to mention a new pair of underwear.