First Lawsuit Filed Over PSN Losses

A gentleman from Birmingham, Alabama has put in the first legal claim against Sony via the U.S. District Court for the Northern District of California. He is hoping his case will be awarded Class Action status so that the complaints of other consumers will be added to its weight.

Kristopher Johns is claiming that Sony did not take “reasonable care to protect, encrypt, and secure the private and sensitive data of its users.” He states that because Sony didn’t warn consumers sooner, they might suffer greater financial damage because they weren’t given the opportunity to make their own decision about closing accounts and cancelling cards.


Johns is claiming for monetary compensation as well as free credit card status monitoring. If his case is awarded Class Action Status it could potentially mean a rather large group of consumers, although undoubtedly substantially fewer than the 75 million accounts, are entitled to join the case and benefit from any future entitlements it yields.

In a country with such a widespread culture of litigation, it’s hardly surprising that it hasn’t taken too long for the first lawsuit to be filed. We wouldn’t be surprised to see similar suits in Europe fairly soon either.

Source: CNet



    • Isn’t the lawsuit about SONY failing to adhere to standards setup to protect consumers data?
      i.e. a good firewall?

      • Having read your links, i’m now confused as to what angle the plaintiffs are coming from, anger?

      • I feel it is a anger thing for now TURRICAN808. here is a bit more info

      • Because if hackers actually have the card information, then the credit card information wasn’t encrypted when stored on the server side. That link is talking about ‘man in the middle’ attacks and is looking at a completely different part of Sony’s security.

        There is actually plenty of proof that Sony didn’t secure information properly. In fact, looking at the IRC chat linked to in that article, they mentioned that Sony was running a 2 year old version of the Linux kernel… Seriously, when dealing with credit card information, that’s literally insane. New server vulnerabilities are discovered every day and if they were doing this, you’ve got to wonder what other vulnerable programs/services they were running on those servers and what other best practices they just couldn’t be bothered with.

      • even if they have the card numbers there useless without the 3 on the back.

      • Firstly, security codes are not mandatory, therefore, plenty of places do not require them. Secondly, tell that to Jeremy Clarkson.

      • have you got names of places that will let you do that without a code?.

      • I’m not a hacker so I don’t need to know that sort of stuff, but you know, I don’t remember being asked for a security code with the PSN…

      • what has it got to do with being a hacker you said there are places that do not need the code so you must no some?

      • Didn’t feel like reading the entire sentence?

      • you have no answer so your trying to pretend no ones reading your comments again you do this a lot when you run out of answers.

      • The playstation network doesn’t require them

      • places you find some were on the net that will accept that.

      • plus the first time you use PSN you have to have that code.

    • T&C are less than irrelevant if they contravene laws of which there are many surrounding data protection.

      • Yes. Sadly most customer services personnel, store assistants, et cetera, do not seem to realise the standing of the law over their company’s own personal policies.

      • As an example, Sony has been ordered to pay for removing OtherOS in Finland and had to have it pointed out to them that a EULA cannot supersede consumer laws:

        I know that’s Finnish law, but contract law is fairly similar is most countries.

      • that is not law its from a powerless board no legal power no courts.

      • Rereading the article you’re right, though apparently in their courts, the opinion of the CCB is considered.

    • not shore about that these days plus its all imagination nothing has happened yet. have you got names of places that will let you buy without the codes?

    • yeah, no!

      the law > license agreement

    • places.

  1. and so the soap opera begins…

    • …More like a season premiere

      • movie premiere :) Sony Goes Bankrupt

      • The Life Of Sony Corp premieres tonight on BBC1 lol

  2. Dont ask me why but this doesnt please me at all.

  3. Typical & expected I suppose?

  4. Surprise surprise. Well, that’s the door opened.
    I have to say, although I am mightily annoyed about the whole thing, I don’t think that suing or indeed class action suits are the way to go. Sony’s just been dealt a huge blow, and yes, it could have been handled better, but it’s not exactly as if they invited their servers to get attacked is it?
    But good luck to the guy anyway.

    • Well, I suppose it would be possible to argue that they invited the interest of hackers (I’m not going to though, even if I think they did alittle bit). But then, I suppose it probably wasn’t that type of hacker who did this… unless Geohot was reallly pissed, heh.

      On a slightly unrelated note, if this actually was a member of Anonymous and they have no intention of using the credit card info, it would be a very effective way of damaging Sony, I mean, to the point where they’re gonna be in trouble with multiple governments whatever happens.

      I know it’s kind of conspiracy theory level of speculation, but still, it’s such a weird coincidence that a few weeks after a hacker group declares war on Sony, Sony is massively hacked…

      Well, whatever happens, I’m hoping it’ll be a while till this information is actually used. I mean if you think about it, this information is kinda hot right now, the hacker may need to wait for the heat to die down.

      • this will be a fine if anything there has to wrong doing first.

  5. Getting a bit burnt on all this now. It is important and it is major cock-up but my enthusiasm has died. Want to move on.

    • Tell me about it. It’s exhausting trying to keep abreast of everything but it looks like the story will run for a few more days yet.

      • Might watch some re-runs Of Charlie and Di’s wedding.

    • *glances at the top commented stories of the week*

      PSN…PSN…PSN…PSN…ooh, Portal!…PSN…

      I never thought I’d get bored of a legal case quicker than the GeoHot scandal.

  6. I take it this fellas had he’s account emptied (doesnt actually say)
    If not, what’s his problem

    • That’s a good point, he’s not gonna have an airtight case if he doesn’t have any evidence that someone has POSSIBLY taken his information, other than Sony’s statement.

    • His point is Sony put him at risk by not contacting him sooner. Due diligence. Also, his case may insist that the reports drafted by the independent security experts are made available to his lawyers to prove if Sony have been lax in their storing of his sensitive information.

      If this proves true, he has grounds for grievance as there is a understanding that Sony will uphold what’s known as a “duty of care.”

      If it can be proved that they did not uphold this arrangement, they’re – legally – in trouble.

      • Has the fella not anything better to do….

      • Ah, I see, that makes sense. Thanks for clearing that up :)

        If it’s compensation he’s after though, surely he’s not going to get that much for ‘grievance’? Especially not if he can’t upgrade it to class action…

  7. I don’t think he’ll get any monetary compensation if he hasn’t actually suffered any loss. Also i don’t think he could possibly have enough information yet regarding what exactly Sony did or didn’t do, the exact nature of the hacking or whether his information was actually accessed or not.

    • we’ve all suffered loss by having our personal details taken by a hacker

      • I don’t think anyone can quantify anything for sure until we at least find out more details about the intrusion – and hopefully before we begin to start hearing stories of subsequent fraud as a result of PSN accounts being compromised.

      • begin to start? .. oh dear.. :S

  8. How many millions? no share, no deal… or something?

  9. How can he file this without knowing if he’s actually lost anything?
    The PSN hasn’t suddenly been restored, has it?

    • i wish it had.
      worn out by the whole thing, time to learn from any errors and get back to normality.

Comments are now closed for this post.