Gamers in the US have sued Sony for negligence and breach of contract over the massive PlayStation Network (PSN) hack that took place last week.
A day after Sony publicly acknowledged that hackers could have stolen personal details of users, separate cases were filed in different district courts in California. The suits accused Sony of being negligent and breaching its contracts with PSN users.
On 19 April, the Japanese electronics maker shut down its PSN, but the company did not disclose the data theft. Sony had said that it had turned off the service as it was investigating an "external intrusion" and upgrading its security with additional features.
However, a week later, Sony said the service had been hacked and that hackers could have accessed personal details, including credit card details, of 77 million users spread across the world.
The disclosure led to outrage among users worldwide and shares in Sony fell 5%.
The delay is being seen by many as an attempt to deliberately hide facts from consumers. Governments in both the US and the UK have taken note of the issue and have asked Sony to explain.
Now, the two lawsuits filed against the company seek damages and class action status.
The lawsuit filed in Southern California on behalf of a Michigan PlayStation Network user said that hack was a result of Sony’s "failure to use reasonable care and maintain appropriate security procedures."
The lawsuits also faulted Sony for hiding the massive data breach until 26 April, which the company reportedly discovered between 17 and 19 April.
Sony did not comment on the lawsuits, but said that it was working with investigators to find out the culprit and take action.
Sony spokesman Patrick Seybold said, "We are currently working with law enforcement on this matter as well as a recognised technology security firm to conduct a complete investigation."
"This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible."
The San Diego office of the Federal Bureau of Investigation is helping Sony with its inquiry into the hacking incident in the US.
The Japanese electronics company has also said that though it was possible hackers had taken users’ credit card data, its credit card information were stored in securely encrypted files.
"While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," Seybold said.
However, other information, including dates of birth and home addresses, did not have the same level of protection, the company said.
Sony has asked users to report any unusual transactions of credit cards. Visa Europe has said that users would not have to pay for cards that make unauthorised payments.
About the time it requires to restore the service, Sony has said that it is moving its network infrastructure and its data centre to a new, more secure location. It expects to have some services restored by next Tuesday, but the company stressed that it will only restore operations if it is confident that the network is secure.
Meanwhile there are reports that the stolen data from PSN hack is up for sale on underground Internet forums. Security researchers have reportedly tracked discussions which show that the hackers had a database that personal data of users and as many as 2.2 million credit card numbers.
A senior threat researcher has reportedly said that he had seen the database on several hacker forums, including indications that the Sony hackers were hoping to sell the credit card list for upwards of $100,000. He also said that the hackers had offered to sell the data back to Sony.
Sony has refuted such claims. Seybold said, "To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list."
George Hotz, the American hacker who was accused in the controversial Sony lawsuit over his hacking of the PS3, has said he was not responsible for the PSN hack.
In a related development, Microsoft has issued a warning to the users of its Xbox Live network that they could be targeted by "phishers" while playing "Call of Duty: Modern Warfare 2" online.
