Business Analysis Damages 

Sony Hacking Lawsuits, Part II: Former employees file class action for failing to secure their data

Maya Rogers , ,

Sony Pictures Hacking Part II

Former Sony Pictures employees are suing the company for failing to protect their private information in the recent ‘epic’ hacking incident. Filed by Michael Corona and Christina Mathis, the plaintiffs have expressed wishing to form a class action suit, which could include up to 15,000 former employees.

The private data includes Social Security numbers, earnings history and addresses all made public in the hack. Over 47,000 Social Security numbers, birth dates, and medical condition documents were leaked. The plaintiffs claim that Sony has been a victim of hacking before, and failed to put in appropriate safeguards to protect their employees.

Sony is not new to these types of suits – they settled a 2011 class action lawsuit with its customers after the Sony PlayStation network was breached, and data pertaining to over 75 million customers was stolen.

How can the plaintiffs claim monetary damages?

Sony will have to argue that it could not have provided better security to its employees, which may prove difficult in light of evidence that the company used weak passwords and kept some data unencrypted. The plaintiff’s job, however, may be even more challenging, as they will have to provide evidence of economic damages.

Breach lawsuits rarely succeed in court, even in cases that involve stolen credit card information and measurable fraudulent purchases. Because banks assume liability for fraudulent charges made on stolen accounts, plaintiffs usually don’t have any measurable damages they can claim.

One shining light for the plaintiffs in this case may be the recent class action lawsuit that followed a breach at Adobe, in which the court opted to not throw out the case as it found the plaintiffs faced an ‘impending threat of harm‘.

Separate from seeking a dollar amount of economic damages, the plaintiffs have expressed they wish for their former employer to pay for five years of credit monitoring, credit restoration services, and identity theft insurance.

In her article for Wired about the lawsuit, author Kim Zetter says the plaintiffs would have “an uphill battle to prove harm, if they want damages, but it would provide them with an opportunity for discovery, which could further expose Sony’s bad security practices to the public.”

To learn more about what this case could mean for employers, read ‘The latest surge in data breaches highlight key takeaways for employers‘, Brian Hall’s article for Employer Law Report.