Sony PSN hacking lawsuit dismissed by judge

A judge rules that "there is no such thing as perfect security," after 75 million customers' billing addresses, user names, passwords, and phone numbers were stolen in a massive cyberattack.

Dara Kerr Former senior reporter
Dara Kerr was a senior reporter for CNET covering the on-demand economy and tech culture. She grew up in Colorado, went to school in New York City and can never remember how to pronounce gif.
Dara Kerr
2 min read

A California district judge has dismissed a handful of charges that plaintiffs brought against Sony, including negligence, restitution, and unjust enrichment in its handling of a PlayStation Network data breach last year.

Several lawsuits were filed against Sony PlayStation Network in the wake of a major security breach of the personal data of more than 75 million customers in April 2011.

On Friday, Judge Anthony Battaglia of the U.S. District Court in Southern California ruled that one of those class action suits is invalid, according to Courthouse News.

When the attack happened in 2011, more than 75 million customer accounts of Sony's PlayStation Network and Qriocity service were exposed in a hack on 10 of the company's servers in San Diego. Later, 25 million customer accounts of Sony Online Entertainment were found to be compromised as well. The information exposed included customer names, e-mail addresses, billing addresses, passwords, phone numbers, genders, and birth dates. Sony maintains that credit card information was not stolen.

The company came under fire almost immediately for not alerting its customers of the breach for several days after it occurred. Then the PSN and Qriocity services were taken offline for almost a month while Sony scrambled to rebuild its security systems and undertook a forensic investigation into the breach.

The class action lawsuit that Battaglia dismissed was filed in June of last year and alleged that Sony "failed to follow basic industry-standard protocols to safeguard its customers' personal and financial information, thereby creating foreseeable harm and injury to the Plaintiff class."

Battaglia ruled, however, that these plaintiffs' motives in going after Sony were unjustified. According to Courthouse News, he said Sony was not in violation of California consumer-protection laws or guilty of bailment charges.

"None of the named plaintiffs subscribed to premium PSN services, and thus received the PSN services free of cost," Battaglia said, according to Courthouse News. "Plaintiffs freely admit, plaintiffs' personal information was stolen as a result of a criminal intrusion of Sony's Network. Plaintiffs do not allege that Sony was in any way involved with the data breach."

Additionally, Battaglia said Sony couldn't be fully responsible for the hack. "There is no such thing as perfect security," he said, according to The Register. "We cannot ensure or warrant the security of any information transmitted to us."

The plaintiffs now have until November 9 to decide if they want to file an amended complaint.

After the security breach and the several lawsuits filed against Sony, the company added a controversial change to its Terms of Service and User Agreement in September 2011. Under the revised terms, consumers now must waive the right to participate in any class action lawsuit filed after August 20, 2011 against the gaming and content delivery portion of Sony .

CNET contacted Sony PlayStation Network for comment. We'll update the story when we get more information.