Security researchers discovered the dangers of the DRM being used on these CDs last year. Both installed undisclosed and sometimes hidden files on a user's PC exposing them to attack by third parties. The infected CDs also communicated back to Sony BMG about customers' computer use without proper notification. In addition to compensating consumers, Sony BMG was forced to stop manufacturing CDs with both First4Internet XCP and SunnComm MediaMax software. The settlement also waives several restrictive end user license agreement (EULA) terms and commits Sony BMG to a detailed security review process prior to including any DRM on future CDs.
Anyone who bought one of the affected CDs should start the claims process at http://www.eff.org/sony
Source:
Electronic Frontier Foundation