With over 70 million users, the PlayStation Network hack is thought to be the second largest in history, providing a host of personal and credit card information to network intruders.
What's worse is that it took Sony nearly a week to disclose the security breach to users, even though network service had been cut days earlier.
That delay has now spurred a class action lawsuit against the company, filed only a day after the breach became public.
On April 20th, Sony's PlayStation Network went offline, but it wasn't until April 26th that the company explained to users exactly what had happened.
In a letter posted to its blog, the company announced that it had learned that, between April 17th and 19th, a hacker had made his way into the PlayStation Network, which led to the network's closure, reports CNN.
The company decided to conduct its own forensic analysis before alerting customers.
The lawsuit, filed in the Northern District of California, accuses Sony of failing to exercise reasonable care to protect user data, which violates a host of California laws, breaches its user contract, and amounts to negligence.
The plaintiff also alleges that Sony's failure to immediately notify consumers of the PlayStation Network hack violated California law that requires expedient notification of a security breach.
Whether the lawsuit will be successful on all claims is up for debate, but the case for negligence appears to be quite strong. As a collector of user data, Sony arguably had a duty to immediately disclose a security breach so that users could act appropriately.