The Sony hacking spectacular continues to pay dividends across the board this week as the fighting goes internal on a few fronts. First, as we previously discovered, Sony lawyers are trying to threaten the media and intimidate them into not reporting on the story. (Good luck with that.) But now two of the entertainment giant’s former employees have filed suit to protect them from potential damages stemming from the private data leaks.
Sony Pictures Entertainment Inc has been sued in a class action by two people who described themselves as former employees and accused the company of failing to protect employee data.
The lawsuit against Sony Corp’s Hollywood movie studio, filed on Monday in federal court in Los Angeles, alleged that Sony failed to both secure its computer network and to stop hackers.
The plaintiffs are asking for compensation for any damages as well as credit monitoring services, identity theft insurance and other assistance for themselves and any former or current U.S. employees whose data was similarly compromised.
Representatives with Sony did not immediately respond to requests for comment on the lawsuit.
The employees are Michael Corona and Christina Mathis, both of whom had their social security numbers and other personal data exposed. They have spent money since then for identity theft protection services, but it sounds as if they looking for more than a reimbursement of the costs which total less than one thousand dollars each. If that was the sum total of Sony’s problems on this front they would have paid this off out of petty cash and we’d never have heard about it. Likely more troubling is the precedent that they feel it would set if every employee they’ve had for the last decade or more came knocking at their doors with a summons.
“At its core, the story of ‘what went wrong’ at Sony boils down to two inexcusable problems: (1) Sony failed to secure its computer systems, servers, and databases …despite weaknesses that it has known about for years, because Sony made a ‘business decision to accept the risk’ of losses associated with being hacked; and (2) Sony subsequently failed to protect timely confidential information of its current and former employees from law-breaking hackers who (a) found these security weaknesses, (b) obtained confidential information of Sony’s current and former employees stored on Sony’s network, (c) warned Sony that it would publicly disseminate this information, and (d) repeatedly followed through by publicly disseminating portions of the information that they claim to have obtained from Sony’s network through multiple dumps of internal data from Sony’s Network.”
Meanwhile, the hackers are demanding that Sony not release the movie The Interview at all. Sony has already been cowed into not releasing it in Japan, but I somehow doubt that they could swallow both their pride and that much of a financial loss. Unless, of course, they feel that they have so much dirty laundry in their internal documents that the reprisal would be worse than the proceeds from one film. But what a horrible precedent to set. If hackers can start playing an organization the size of Sony like a puppet, a whole new era of cybercrime will be underway.