Class Action Lawsuit Seeks Restitution from Sony for Weaksauce Security



+ Add a Comment


I don't know why but I don't feel for these people.  I understand that you want security and you want to feel safe, but it should be understood by now that any information you put on the Internet is out there and if someone wants to get it, they can get it.


While it does look like Sony boned their customers here and didn't really look out for them at all, I can't help but ask where the personal responsibility is.  If you plan to use credit cards and other personal information online like social security numbers, personal addresses, phone numbers, don't ever expect all this info to be in some unbreachable fortress.


Knowing our lovely American law system and all of its l337 failure I'm assuming that plenty if not all these people have a legal case here, and it shouldn't be impossible for them to win.  Have fun being tied up in court for years and paying legal fees while hoping to beat down Sony's law team is all I have to say. If you have the money to wait it out I'm sure you can squeeze quite a lump sum out of this that you don't deserve.



Are you suggesting that if a company doesn't try their best to safe guard sensitive personal data we should all go "oh well, nothing's 100% secure"?

While it's true that no security is 100%, there should be a minimum level that scales with the sesitivity of said data. Sony failed to provide any reasonable level of security and should be held accountable. It's like saying a person running a red light and causing an accident isn't worth taking to court because the road's are never 100% safe. While true, both situations are compounded by reckless negligence which changes the nature of the offense.

As for your last statement. No one is looking for "a lump sum .... that you don't deserve". Class action suits seldom provide more then a token sum to the damaged parties. First off there are legal costs, though it might be a "pro bono" case more then likely the plaintiff legal team were the original filers and are looking to recieve a percentage of the final judgement or court costs as part of the judgement.

Secondly after the legal teams been paid the final amount is then split bettween either, any one that signs on to the class action, or anyone that files to recieve their part of the settlement after the judgement. In each case everything depends on the final number that have a case, could be millions depending on the judgement. I'd say the last payment option will most likely be how things are redressed, say a $50-$100 payment to anyone showing the've been  or potentially been wronged.

Lastly I doubt this will spend a long time in the courts. There's only so many stalling tactics the defense can use, and in a case where the defendents are so obviously in the wrong I'm sure many will be thrown out.

But in the end this isn't about money. It's about setting a precedent. The only way many companies storing sensitive data will take security serious comes down to dollars and sense. If the potential lawsuit will cost more then implementing good security then they will do the later. Hopefully the long term end result will be a law stating what minimum security is needed for our data.


Joe The Plummer

First of all we don't know if any of this is true as these are anonymous witnesses. Only a court case requiring them to testify will we see if they're telling the truth or not that Sony was negligent.

As for people's personal responsibility most consumers did everything Sony asked. They provided a password and email address and agreed to the TOS. What they're suggesting is Sony did not live up to their end of the agreement. It is required by law that financial information be encrypted and stored securely based on standard secrurity protocols. That is the assumption you or I would have when we fork over financial information. We don't assume however that every security system is perfect and that no one will access our data. However if they don't meet the standard, then as a consumer they have not fulfilled their end of our financial agreement and thus I have standing to sue. If they do meet the standard criteria then the case should be tossed.






blame the victims for a pretty clear cut case of gross negligence on the side of a company they entrusted their data with? really at this point your performing some mental gymnastics. sony deserves to be sued for this BS.



Yeah, I specifically said it does look like Sony is in the wrong here by boning their customers, but the only point I was making was that these people shouldn't be surprised that things like this are going to happen.

They've got a chance for a lawsuit due to negligence, but I seriously doubt anyone has the money to stay in court long enough with a Sony legal team to actually get anything out of it. Oh, and yes I did all sorts of mental gymnastics to arrive at this conclusion.  While I'm all for whining and holding other people responsible for my misfortunes I tend to blame myself before anyone else gets to feel it.

Even if Sony had the best security possible, this was still possible.



Pull your head out of your ass or who evers its up atm. Its been obvious from the get go that Sony has been trying to shift the blame to the people who hacked them for their complete lack of security.

In fact to even say that they were "hacked" is wrong. The info that they lost wasnt even secured....AT ALL. And i get the feeling that this case is just the start. They are criminally liable and im crossing my fingers that they get hammered for it.


Red Ensign

Reading comprehension at it's finest I see. I'll make it simple for you to understand. Sony can use the best security tech in the world and it wouldn't matter if some one wanted your data. They would get it and you're powerless to prevent it unless you pull the plug on your router and never connect again. That's the point the OP is making. Perhaps you should go back to the main page and refresh. You can read all about hackers hitting Citigroup for a couple million. Do you think they should be sued? Perhaps you'd like to look up how some of the most secure defense networks in the world were recently hacked. Surely they deserve the wrath of our pathetic legal system.



You obviously dont know anything about security nor do you have any clue what so ever is even going on here.



Waving Sony flag at its finest I see.

Yes, systems do get hacked, and yes no information out there is sacred.

But one would expect Sony to at least encrypt the user data so that if and when they get hacked the personal data of all the people who are keeping them employed and in business is somewhat secured. What they have done is the equivalent of typing user information in an excel spread sheet and hiding it behind a wireless router with WEP encryption.




@ red ensign

yeah we all learned that line in introduction to computers at college. If i remember correctly, the passwords that were heisted were stored as plain text, that seems pretty negligent to me. citi-group is a different story and a different network. I was trying to clearly point out how the whole "any network can be breached" line doesn't really apply to this situation where from keepin up with the story sony's security was about as effective as a set of turnstyles at a subway station.

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.