Two former Sony Pictures employees have sued the company for failing to protect their private information in the mega-hack.
The plaintiffs say their Social Security numbers, birthdays, addresses, salary history and reasons for leaving the company were made public in the hack. They say that Sony had been a frequent hacking victim and lacked sufficient safeguards to protect their employees’ data.
The plaintiffs are seeking to form a class action lawsuit of up to 15,000 former employees. They’re not seeking a specific dollar amount, but they want Sony to provide them with five years of credit monitoring, bank monitoring, identity theft insurance and credit restoration services. They also want Sony to be subject to regular privacy audits.
Sony is no stranger to these privacy lawsuits. In 2011, Sony’s PlayStation network was breached, and the company settled a class action lawsuit with its customers.
Most of these kind of lawsuits don’t end up going to trial.
Though Sony might have a difficult time proving that there was no way to protect its employees’ data, the plaintiffs would also have difficulty proving that there were real monetary damages, according to Peter Rukin, media law attorney at Rukin Hyland Doria & Tindall. Both plaintiffs said they spent hundreds of dollars on online fraud monitoring services — but that’s about it.
“In terms of Sony’s potential liability, there are questions about the company’s level of preparedness, including reports that it used weak passwords and kept some data in unencrypted format,” said Craig Newman, media law attorney at Richards Kibbe & Orbe. “If true, that type of evidence can look bad for a company.”