Sony sued by former employees over hack

Two former Sony Pictures employees are suing the company, saying it mismanaged health care information and other personal details grabbed by hackers in a recent breach.

Seth Rosenblatt Former Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
Seth Rosenblatt
2 min read

Sony Pictures

Before, Sony was facing down hackers. Now it has a lawsuit to deal with too.

Two former Sony Pictures staffers are suing the Hollywood studio in the US District Court in the Central District of California for a security breach which exposed hundreds of thousands of documents to the public. These former employees claim Sony knew its computer systems were not secure enough to protect confidential employee information prior to the breach, which was revealed to the public on November 24.

The 45-page complaint, filed by Seattle-based law firm Keller Rohrback on behalf of Michael Corona and Christina Mathis, says Sony "failed" to protect from "law-breaking hackers" confidential, personally identifiable employee information including Social Security numbers, home addresses, phone numbers, scans of passports and visas, performance evaluations and health care records, according to the court document.

Corona and Mathis argue Sony should have been better prepared, particularly after the high-profile hack of its video game service, the PlayStation Network, in 2011. "Sony is no stranger to data breaches, making its vulnerability to this latest attack particularly surprising and egregious," the suit says.

Sony's response thus far has been inadequate, Corona and Mathis say. They are demanding the company cover all their credit, credit card, bank, and identity theft monitoring expenses for five years. They're also seeking class-action certification so their suit can represent both current and former employees.

Both the lawyers in the suit and Sony didn't respond to a request for comment.

The breach has revealed the inner workings of Sony. A previously unknown group of hackers commandeered computers inside Sony Pictures and revealed their breach of Sony's systems on November 24. The group, calling itself the Guardians of Peace, damaged computers, and stole unreleased movies, financial documents, employee and celebrity information and details on the internal workings of Sony's computer security department.

In the wake of the breach, Sony Pictures employees and their families were threatened, although the hackers denied responsibility for the threat. Last Sunday, a group claiming to be the hackers offered to withhold employee information from future document releases -- if the staffers contacted the hackers.

The personal information of around 47,000 current and former employees, including executives and celebrities, have been leaked. Controversial emails from Sony's top brass were part of the document dump, which led co-chair Amy Pascal to publicly apologize for her statements. All told, the group claims to have taken around 100 terabytes of data. So far, they have leaked around 150 gigabytes on peer-to-peer file sharing sites -- the equivalent of about 30 DVD movies.