Sony Corp.'s network entertainment unit was sued Wednesday by a PlayStation customer claiming it failed to protect users' personal information and credit card data that the company says may have been stolen by a hacker.
The plaintiff, Kristopher Johns, of Birmingham, Ala., seeks to represent all affected users in a class-action suit.
Sony delayed disclosing the security breach to PlayStation online games customers, who couldn't access the service as a result of the problems, according to a complaint filed in federal court in San Francisco.
"Consumers and merchants have been exposed to what is one of the largest compromises of Internet security and the greatest potential for credit card fraud to ever occur in United States history," the customer said in the complaint.
Sony warned its 77 million PlayStation Network and Qriocity online service customers that their credit card data, billing addresses and other personal information might have been stolen. The thief obtained user-provided names, e-mail addresses, birth dates, login information and purchase histories, Sony said on its PlayStation blog page.
The network provides access to online games, movies and television shows. It was attacked from April 17 to 19 and both services were shut down April 20, Sony said.
It took several days to conduct forensic analysis, and experts needed until April 25 to understand the scope of the breach, the company said Tuesday in a statement.
The plaintiff asked for reimbursement for losses from credit card data theft, payment for credit monitoring for all plaintiffs, refunds for defective services and PlayStations and unspecified punitive damages.
Patrick Seybold, a Sony spokesman, didn't immediately reply to a message seeking comment.
Sony said that it notified consumers as quickly as it could.