Sony Unit Sued by PlayStation Customer Over Security Breach and Data Theft

Sony Corp. (6758)’s network entertainment unit was sued by a PlayStation customer claiming it failed to protect users’ personal information and credit-card data that the company says may have been stolen by a hacker.

Sony delayed disclosing the security breach to PlayStation online games customers, who couldn’t access the service as a result of the problems, according to a complaint filed today in federal court in San Francisco.

“Consumers and merchants have been exposed to what is one of the largest compromise of Internet security and the greatest potential for credit-card fraud to ever occur in United States history,” the customer said in the complaint.

Sony warned its 77 million PlayStation Network and Qriocity online service customers that their credit-card data, billing addresses and other personal information might have been stolen. The thief obtained user-provided names, e-mail addresses, birth dates, log-in information and purchase histories, Sony said on its PlayStation blog page.

The network provides access to online games, movies and television shows. It was attacked from April 17 to April 19 and both services were shut down April 20, Sony said.

It took several days to conduct forensic analysis, and experts needed until April 25 to understand the scope of the breach, the company said yesterday in an e-mailed statement.

The plaintiff, Kristopher Johns, of Birmingham, Alabama, seeks to represent all affected users in a class-action suit.

Reimbursement, Refunds

He asked for reimbursement for losses from credit-card data theft, payment for credit monitoring for all plaintiffs, refunds for defective services and PlayStations and unspecified punitive damages.

Patrick Seybold, a Sony spokesman, didn’t immediately reply to a voice-mail message seeking comment.

Sony said yesterday that it notified consumers as quickly as it could.

“It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach,” the company said by e-mail, referring to April 25. “We then shared that information with our consumers and announced it publicly.”

The case is Johns v. Sony Computer Entertainment America LLC, 11-02063, U.S. District Court, Northern District of California (San Francisco).

To contact the reporter about this story: Karen Gullo in San Francisco at kgullo@bloomberg.net.

To contact the editor responsible for this story: Michael Hytha at mhytha@bloomberg.net.

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.