The Rothken law firm has filed a federal class action lawsuit against Sony on behalf of "approximately 77 million" PlayStation Network users who are unable to access the PSN.
Calling the security breach the "largest compromise of Internet security and the greatest potential for credit card fraud to ever occur in United States history," the suit accuses Sony of "breach of warranty, negligent data security, violations of consumers’ rights of privacy, failure to protect those rights, and failure and on-going refusal to timely inform consumers of unauthorized third party access to their credit card account and other nonpublic and private financial information."
According to the suit, Sony failed to maintain a proper firewall and "computer security system," "failure to properly encrypt data," "unauthorized storage and retention of data," and violation of "Payment Card Industry Data Standard(s) and rules and regulations."
Calling this a "reprehensible situation," the suit states that Sony "caused, and continues to cause, millions of consumers fear, apprehension, and damages including extra time, effort, and costs for credit monitoring, and extra time, effort, and costs associated with replacing cards and account numbers, and burden, and is harming both consumers’ and merchants’ ability to protect themselves from such fraud."
The suit categorizes the time between Sony learning of the problem and informing the public as an undue delay, saying that it prevented consumers from making informed decisions as to "whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions."
The suit seeks both actual and punitive damages for the class. Although it doesn't name a specific amount, I think we can assume it will be at least a two crap-loads of money.