Sony Corp. may have left itself open to its massive data breach by laying off its security staff just before the attack, a class action alleges.
"Just two weeks before the April breach, Sony laid off" members of "the group that is responsible for preparing for and responding to security breaches," the lawsuit says, citing a confidential witness.
Ars Technica said in a Friday article that this accusation is "perhaps [the] most damning" claim in the lawsuit. Other allegations are weaker, the article said, such as an accusation that Sony is covering up for weak security when it refuses to disclose its encryption methods.
The suit says that Sony's security around consumer data was below its level of security for its development server, suggesting that Sony valued its own data above that of its customers.