The final loose ends from the massive hack of Sony's PlayStation Network that first came to light in April 2011 are being tied up, with Sony agreeing to a settlement that could hold it liable for up to $15 million in damages, plus nearly $2.75 million in attorney fees.

The lengthy settlement agreement (PDF) offers a number of benefits to users affected by the breach: a free downloadable PS3 or PSP game (from a selection of 14 titles), three PS3 themes (from a selection of six), or a three-month subscription to PlayStation Plus. Users who took advantage of Sony's "Welcome Back" promotion back in 2011 can choose one of those benefits, while those who didn't get a free game back then can choose from two of the three benefits.

Sony has also agreed to pay up to $2,500 to each user who can show that their identity was compromised in a way that "more likely than not... directly and proximately resulted from the PSN Intrusion or the SOE Intrusion and not from any other source." Users can get additional benefits if they can show they stopped using their PSN account for the last three years because of the breach, if they lost out on time using an existing Qriocity music subscription, or if they were registered for Sony Online Entertainment games.

In the settlement documents, lawyers for the class of PSN users note that Sony continues to deny its standing, liability, and damages in the case and that a full trial would be a lengthy and costly process not guaranteed to come to a useful conclusion for the claimants.

"Given the complex nature of the security breach at issue, a battle of the experts at trial is almost a certainty and, as such, continued proceedings would likely include substantial expert discovery and significant motion practice related to such," the attorneys write. "Also, considering the size of the Settlement Class and the amount of money at stake, any decision on the merits would likely be appealed, causing further delay, as it would require briefing and likely oral argument."

After the massive class-action case was first filed in 2011, district judge Anthony J. Battaglia ruled in 2012 that Sony was not liable for "perfect security" and largely dismissed overly broad complaints that the company was negligent for not following industry-standard security practices. Judge Battaglia did give the claimants a chance to refine and amend their claims, though, leading to this week's settlement.

Sony was previously fined a relatively paltry £250,000 by the UK's Information Commissioners Office for failing to adequately protect user data.

A separate class-action lawsuit regarding Sony's removal of the "Other OS" installation option on the PS3 was dismissed in 2011.

All affected PSN users should soon be contacted with a form to claim any benefits to which they are entitled under the settlement.