Lawsuit Alleges Sony Knowingly Failed to Protect Customer Data Ahead of PSN Attack

Company fired network security personnel, used inferior cyber security for customer data, lawsuit claims.

Sony has repeatedly stated there was nothing more it could have done to prevent the April PlayStation Network cyber security breach that led to one of the largest thefts of consumer data in history. But according to a new class action lawsuit, nothing could be further from the truth.

As Reuters reports, on Monday a trio of men (Felix Cortorreal, Jacques Daoud Jr., and Jimmy Cortorreal) filed a lawsuit against Sony that alleges the company fired network security employees two weeks before the attack on PlayStation Network and "spent lavishly" on cyber security to protect corporate information while choosing not to use the same level of security for customer data.

Citing a confidential source, the lawsuit states that Sony knew it was at increased risk of cyber attack in the weeks building up to the April 19 breach because it was in the process of suing famed PlayStation 3 hacker George "Geohot" Hotz (a case the company later settled) and it had experienced a number of smaller security breaches leading up to the full scale PSN attack.

Still, Sony laid off "a substantial percentage" of employees in its Network Operations Center, the lawsuit claims, and it decided not to install the same firewalls and other security measures for customer data that it used to protect corporate data.

Sony has yet to respond to requests for comment on the case.

Source