A lawsuit filed this week suggests that Sony sacked a group of employees from its network security division just two weeks before the company’s servers were hacked and its customers’ credit card details were leaked. The suit, which seeks class action status, is being brought by victims of the massive data breach that took place in April.
The PlayStation Network data breach leaves some longer-term reminders for Sony. For example, the company is now dealing with a handful of lawsuits over the breach, including one filed this week alleging that Sony laid off network security staff just weeks before the breach and ignored previous smaller-scale hackings that demonstrated security holes.
Sony is charged with negligence, breach of contract, breach of fiduciary duty, and violating the federal Electronic Communications Privacy Act by not properly securing customer information. The suit cites a half-dozen former Sony Computer Entertainment America and Sony Online Entertainment employees as confidential witnesses to help it make its case.
The confidential witnesses prove that Sony kept different security standards for its own information and that of its customers, using out-of-date software, substandard encryption processes, and no firewalls when it came to customers’ data. Meanwhile the suit shows that Sony was warned in early April by hacking group Anonymous that it had become a target for cyber attacks, and The plaintiffs also claim Sony made “a substantial percentage” of its Sony Online Entertainment workforce redundant, including “a number” of employees working at its Network Operations Center. As for previous hacks, the suit notes widespread hacking of Modern Warfare 2 made the game "unplayable online" in January, and it refers to unspecified reports in May 2009 that unauthorized copies of customers’ credit cards were emailed to an outside account. Sony has already launched a program to provide affected PSN users with 12 months of complimentary credit monitoring.