Sony has been hit with a class action suit in Canada, seeking 1 billion Canadian dollars ($1.04 billion) in damages, in the wake of the security breaches of the PlayStation Network and Sony Online Entertainment.
The company has already been sued in the U.S. by a resident of Alabama, who said the company was negligent in keeping his personal information safe.
Toronto-based law firm McPhadden Samac Tuovi LLP filed the suit on behalf of 21-year-old Mississauga resident Natasha Maksimovic. The firm says she has been an avid PlayStation user for years.
Sony has said that credit card information was taken from its systems in what it described as a sophisticated cyber attack. The company said credit card information was stolen from both hacked networks.
Sony has not identified who the hackers are. In a letter to Congress, Sony Entertainment America's second-in-command Kazuo Hirai implied that the collective Anonymous might be behind the intrusion, or at least created an opening for them when it mounted a series of DDoS attacks earlier in April.
Besides the lawsuits, several attorneys general have opened up inquiries into how Sony handled the problem. There have also been calls for tighter regulation of not only Sony but other companies that store customer data.
In the U.S., there are already regulations covering the storage and care of financial data, but the incidents at Sony could prompt changes in both regulations and laws. In Canada, there is a Privacy Commissioner who is charged with investigating complaints about data handling in the private and public sector.