A Southern California judge has rejected several key claims in a class-action lawsuit filed in response to Sony’s handling last year of a data breach that left millions of users at risk.
In a ruling released by Courthousenews.com, U.S. District Court Judge Anthony Battaglia ruled users did not have an expectation of “perfect security” when they signed on with the company’s PlayStation Network.
Lawyers filed a class-action lawsuit on behalf of the millions of users whose accounts were compromised in April 2011. They claimed Sony did not notify users until six days after the attack occurred and shut down the PlayStation Network and Qriocity, including prepaid third-party services like Netflix, for a month while it conducted a systems audit to determine the source of the hack. Sony did offer victims free identity theft protection services, certain free downloads and online services, and possible assistance for those issued new credit cards.
The lawsuit claimed Sony failed to follow basic industry-standard protocols to safeguard its customers’ personal and financial information required to use its online services. The lawsuit noted the company already was aware of vulnerabilities after a user posted instructions online on how to “jailbreak” a PS3 console.
The judge dismissed a claim that Sony violated California consumer protection laws. He also rejected other key arguments on the grounds a clause in the PlayStation Network’s privacy policy warned “there is no such thing as perfect security.” By conceding in its EULA that security of data in transit couldn’t be guaranteed, Sony did not mislead consumers or commit fraud, nor guarantee continuous and uninterrupted service, the judge said in striking down those claims in the lawsuit.
The plaintiffs, according to the ruling, also failed to prove specific harm from identity theft or personal fraud as a result of the data breach.
Lawyers have until Nov. 9 to file an amended Consolidated Complaint.