14 DAY TRIAL // A new class action lawsuit was filed against several Sony subsidiaries, including Sony Corporation of America, Sony Computer Entertainment of America, Sony Picture Entertainment and Sony Network Entertainment International, for failure to adequately protect costumer data.
The complaint was filed by Felix Cortorreal, Jacques Daoud jr., and Jimmy Cortorreal, in their name and that of other consumers affected by the PlayStation Network (PSN) breach.
"This is a nationwide class action for damages and injunctive relief arising from one of the largest data breaches in United States history.
"On or about April 16, 2011, Sony sustained a massive breach to its inadequately secured PlayStation Network, which placed personal information belonging to 77 million user accounts in the hands of cyber-criminals," the complaint reads.
Sony is accused of touting its network as secure despite failing to implement basic security measures like firewalls, software updates and password encryption. Even more, the complaint claims that the company actually did it for other assets.
"According to Confidential Witness 1, Sony invested significant resources, including firewalls, debug programs, and IP address limitations, to protect its own confidential proprietary information housed on Sony's development server," the complainants write.
It is also alleged that Sony failed to take appropriate measures even being warned of security vulnerabilities on its network and impending attacks from Anonymous.
Another confidential witness, who was a quality assurance tester at Sony Computer Entertainment America (SCEA) between February 2008 and May 2010, claims that Sony unnecessarily stored credit card information when its primary competitors didn't.
Another accusation concerns the time Sony took to warn customers. Although the breach occurred on April 16 and Sony was aware of its seriousness by April 20, the company didn't publicly reveal what happened until a week later, on April 26.
The complaint also mentions the attack against Sony Pictures carried out by LulzSec. "On June 3, 2011, despite the massive breaches that had already occurred, Sony again failed to protect its Customers' Personal Information from being stolen by persons using a elementary hacking device known as 'SQL Injection'," it notes.