The California federal courts may have an opportunity to resolve this question in ruling on a class action complaint alleging claims of negligence, unjust enrichment, unfair competition, and other claims against Sony. The negligence count states:
50. Defendants breached their duty when they failed to properly protect their data systems from unauthorized access by third parties.
51. Defendants reasonably should have known about the security defect to their data systems before Plaintiffs’ and the other members of the Class’ personal and financial information was obtained by an unauthorized third party. Had Sony properly designed, inspected, and tested their data security system, it would have discovered and remedied the security defect.
The complaint was filed on behalf of Christopher McKewon and Christoper Wilson by the law firms of Wolf Haldenstein Adler Freeman & Herz LLP, in San Diego and Chicago, Doyle Lowther LLP in San Diego, and Goldfarb Branham LLP, in Dallas, Texas.
A similar class action involving a data breach on a much smaller scale, but similar legal theories, was allowed to go forward in Maine in 2009. Another was rejected by the Seventh Circuit in 2007. The Mass. Supreme Judicial Court rejected another one against BJ’s Wholesale Club in 2010.