Sony is being sued in US court by gamers irked by news that a hacker cracked PlayStation Network defences and pilfered data that could potentially be used for fraud or identity theft.
Separate cases filed in different district courts in California on Wednesday, US time, accused Sony of being negligent and breaching its contracts with PlayStation Network users.
Both suits seek damages and class action status.
Sony did not comment on the lawsuits, but said it was working with investigators and would restore services only when it was confident it was secure.
The PlayStation Network and Qriocity streaming music service were turned off on April 20 in the wake of an "external intrusion," according to Sony spokesman Patrick Seybold.
"We are currently working with law enforcement on this matter as well as a recognised technology security firm to conduct a complete investigation," Seybold said in a blog posted on the PlayStation website.
"This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible."
Launched in November 2006, the PlayStation Network allows PlayStation console users to play games online, challenge others on the internet, stream movies, or get other services.
The Japanese electronics giant said it was possible hackers had taken users' credit card data
"While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," Seybold said, warning that "...we are advising you that your credit card number and expiration date may have been obtained."
Sony said it had emailed all 77 million PlayStation Network users worldwide to warn them that their data may have been stolen.
The lawsuit filed in Southern California on behalf of a Michigan PlayStation Network user contended that the security breach resulted from Sony's "failure to use reasonable care and maintain appropriate security procedures."
The lawsuits also faulted Sony for not alerting PlayStation Network users until April 26th about the hack, which the company reportedly discovered between April 17 and 19.
Stolen data included people's passwords, birthdates, and other personal information that could be used to hack into online accounts or impersonate them on the internet.