A new class-action lawsuit filed against Sony in the wake of the massive PlayStation Network/Qriocity breach alleges that the company protected its proprietary information but failed to properly safeguard data related to its customers.
The suit (PDF), filed on behalf of plaintiffs Paul Geller, Stuart Davidson and Mark Dearman, who were among the 77 million victims of the breach, claims Sony failed in a number of areas to adequately prevent the incident.
Among the allegations, citing "confidential witnesses cooperating in this investigation," are that Sony failed to install a permanent firewall on the PlayStation Network and that it knew its security was weak because it had experienced "smaller" hacks prior to the big one.
But perhaps the most damning claim in the suit, filed in the U.S. District Court in San Diego, was that the company fired security workers just days before the breach occurred, among the largest reported in U.S. history.
"Sony sought to cut its costs at the expense of its customers by terminating a significant number of employees immediately prior to the security breach, including personnel responsible for maintaining security of the network," the complaint states.
The suit contends that Sony cared more about protecting its development server than its customers' information.
The complaint also accuses Sony of failing to use a "sufficient encryption code" to protect financial data. Sony has refuted this, saying it was encrypting all credit card numbers and that there is no proof any of them were stolen.
Left unencrypted were other assets, such as usernames, physical addresses, email addresses, birth dates and PSN/Qriocity credentials -- all of which were compromised. The hackers also may have obtained purchase histories, billing addresses and password challenge answers.
The lawsuit seeks unspecified damages and for a court order preventing Sony from "engaging in unlawful, unfair and fraudulent business practices."
A Sony spokesperson could not be reached for comment on Friday.