They say things have to get worse before they can get better. For Sony, that's apparently a threat – not a promise. First PSN
, then Sony announced that some hacker got their keyboard-calloused mitts on everyone's
, and now, well, you can probably see where this is headed. Yep: straight to court.
The Rothken law firm has
filed a federal class action lawsuit
against SCEA on behalf of PSN's 77 million-strong customer base. Specifically, the suit takes Sony to task for "failure to maintain adequate computer data security of consumer personal data and financial data" and demands compensation for "extra time, effort, and costs" users must now expend to help clean up Sony's mess.
"Sony’s breach of its customers’ trust is staggering," said Rothken co-counsel J.R. Parker. "Sony promised its customers that their information would be kept private. One would think that a large multinational corporation like Sony has strong protective measures in place to prevent the unauthorized disclosure of personal information, including credit card information. Apparently, Sony doesn't."
Now the sticky part: Is it even fair to blame Sony for the actions of some maniacal tube-bending Internet wizard? Could any security measure taken a hit like this and not come crumbling down? For obvious reasons, Sony's not talking, but
this Digital Foundry article
is incredibly eye-opening. In a nutshell, PSN's gaping security holes have been clearly visible since the Geohot jailbreaking brouhaha earlier this year, yet Sony did nothing to patch them up. There's far more detail in the actual article, and it's well worth a read.
So, does it constitute negligence on Sony's part? That's for the court to decide. In the meantime, we can only say for certain that Sony did a fairly miserable job of communicating in the early goings of the situation, and that's a colossal no-no. As we said earlier, things have to get worse before they can get better. We have to wonder, though: Is Sony the one making them worse?