Former and current Sony employees filed a lawsuit against the Hollywood studio this week over the high-profile computer system hack that continues to cause sensitive stolen documents to end up on the web.
On Monday, attorneys representing two former Sony workers filed paperwork in United States District Court for the Central District of California asking that a jury be assembled to weigh in on what could become a class action lawsuit between upwards of 15,000 current and past employees and the major motion picture company over the massive security breach suffered earlier this month.
According to the class action complaint, Sony should have been better prepared to protect against the hackers who recently pilfered troves of company data, especially in light of similar lapses suffered by the company in years past.
Attorneys for the plaintiffs allege in the complaint that “An epic nightmare, much better suited to a cinematic thriller than to real life, is unfolding in slow motion for Sony’s current and former employees” following the recent breach.
“Their most sensitive data, including over 47,000 Social Security numbers, employment files including salaries, medical information and anything else that their employer Sony touched, has been leaked to the public, and may even be in the hands of criminals,” the complaint alleges.
Sony, the plaintiffs claim, should have known better before it allowed its network to be breached during a colossal compromise that’s true scope has yet to be made clear.
“Sony owed a legal duty to Plaintiffs and the other Class members to maintain reasonable and adequate security measures to secure, protect and safeguard” personally identifiable information included within the company’s compromised network, the complaint continues, but Sony failed to accomplish as much as evidenced by the intrusions that allowed hackers to take not just personnel records, but internal emails, unreleased movies and gigabytes upon gigabytes of files.
Hackers have in recent weeks released a trove of stolen Sony information that has proved to be increasingly embarrassing for the company: in addition to unreleased motion picture and internal files containing the personal information of employees, private details about celebrities and even dozens of sensitive passwords have ended up published on the web as well.
In light of similar attacks on Sony in years prior, attorneys for the plaintiffs in the class action suit say the studio should have been prepared.
“Given the repeated data breaches suffered by Sony, as well as recent significant data breach events in the retailer context, Sony knew or should have known that such a security breach was likely and taken adequate precautions,” they allege. “In fact, recently leaked emails and internal assessments reveal that Sony’s own information technology (“IT”) department and, separately, its general counsel believed that its technological security and email retention policies ran the risk of making too much data vulnerable to attack. If only Sony had heeded its own advice in time.”
Attorneys for the co-plaintiffs write in Monday’s complaint that they hope the court will agree to hold Sony liable for failing to secure employee data lost in the breach, and subsequently provides the victims with bank monitoring services, identity theft insurance and legal fees, and that Sony is subjected to routine security audits by order of the court.
Sony settled a class action suit only six months ago against claims stemming from the hack suffered by its PlayStation Network.