Sony Hit With Class Action Lawsuit by Ex-Employees

Sony Hacking legal

Sony Pictures Entertainment has been slapped with a lawsuit by two former employees who claim the studio did not do enough to safeguard their private information from a cyber attack.

The class-action suit was filed by Michael Corona and Christina Mathis, both of whom had their social security numbers made public after a hacking group calling itself Guardians of Peace dumped studio documents, employee information and salary charts online. The suit is being filed on behalf of current and former employees of the studio.

Film budgets and employee medical detail were also leaked as part of the hack. The lawsuit claims that Sony knew its security system was vulnerable but made “business decision to accept the risk” of a possible breach rather than spend more money to improve the system.

The suit reads:

“At its core, the story of ‘what went wrong’ at Sony boils down to two inexcusable problems: (1) Sony failed to secure its computer systems, servers, and databases …despite weaknesses that it has known about for years, because Sony made a ‘business decision to accept the risk’ of losses associated with being hacked; and (2) Sony subsequently failed to protect timely confidential information of its current and former employees from law-breaking hackers who (a) found these security weaknesses, (b) obtained confidential information of Sony’s current and former employees stored on Sony’s network, (c) warned Sony that it would publicly disseminate this information, and (d) repeatedly followed through by publicly disseminating portions of the information that they claim to have obtained from Sony’s network through multiple dumps of internal data from Sony’s Network.”

The lawsuit cites recently leaked emails and internal assessments that “reveal that Sony’s own information technology department and, separately, its general counsel believed that its technological security and email retention policies ran the risk of making too much data vulnerable to attack.”

Carona was en employee from 2004 to 2007. The suit says that he has so far spent $700 for a year of identity theft protection. Mathis worked in Sony Pictures Consumer Products from 2000 to 2012. The suit says that she has spent $300 so far on identity theft protection.

The suit was filed by the law firm of Keller Rohrback in Santa Barbara and Seattle.

A spokesman for the studio did not immediately respond to requests for comment.

The ex-employees are claiming negligence, violation of a California law on the confidentiality of medical information, violation of a California law on notification of a security breach and violation of a Virginia law on security breaches. Carona now lives in Virginia.

The lawsuit cites the Sony PlayStation breach in 2011, and claims that the studio “knew or should have known that such a security breach was likely and taken adequate precautions to protect current and former employees” personal information.

The lawsuit makes extensive reference to media reports, including those relying on information from stolen emails, of the Sony hacking in making its case that the studio did not adequately protect itself. Legal experts have said that the hacked emails are unlikely to be admissible in court, as it is stolen property.

The lawsuit claims that the studio failed to “timely and accurately disclose” the breach to employees and ex-employees.

More to come…

Filed Under:

Want to read more articles like this one? SUBSCRIBE TO VARIETY TODAY.
Post A Comment 12

Leave a Reply


Comments are moderated. They may be edited for clarity and reprinting in whole or in part in Variety publications.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

  1. Matthias says:

    However there are certainly a large amount of features of the poker online, there are some disadvantages also.

  2. Tery Ramsey says:

    There is nothing beneath the legal profession. Such suits as this one is a perfect example of the level the scum of the earth will stoop to. The legal profession’s contentions are based upon the fact that it is less expensive to settle such a suit than to fight it. I place attorneys who file such suits at the same level as the terrorist the world has to contend with today.

  3. Bill says:

    As far as I know, SPE have done nothing to inform former employees as to whether or not their personal details have been leaked, No public announcement, no contact information, no information about how far back the leaked data goes or what was leaked about who.
    Without the media covering this, former employees would be left entirely in the dark.

  4. Reblogged this on @stevebanfield and commented:
    It was only a matter of time. I’ve already been approached by another colleague who is working with a different firm.

  5. Alex says:

    I wonder if the hackers are ex-employees?

  6. Hollywood Reporter says Christina worked there b/w 2000-2002. Your article says 2000-2012. One of you are wrong.

  7. balashi says:

    I’ll bet dollars to doughnuts Microsoft is behind all of this.

  8. good lord, in this day and age, and not having ID theft protection is the paramount of ignorance.

    • Michael Anthony says:

      Sony had already offered paid monitoring for all. Sounds like they want a payday. Based on current law, its doubtful they would win. And the one who has spent $700 so far is a gullible idiot. That’s way too much.

      • June says:

        I’m with Pete.

        As someone who worked at SPE from 2006-2009, my information is out there … in perpetuity. One year of coverage is NOT enough. If the class action were to award credit monitoring for LIFE, that would be fair. Plus, it is Sony’s job to contact US, not the other way around. I understand they say they do not know all the names and contact information for the former employees, but it is not our job to contact them.

      • Steve says:


        Sony IS offering protection to current and previous employees.

        If you are an ex employee, you need to contact

      • Pete says:

        Sony has NOT “offered paid monitoring:” for all. In fact, they have not even bothered to contact tens of thousands of past employees (actors, writers etc) who have had their personal information, medical history and SSN’s sold on the web as a result of Sony’s negligence. This is the most disgraceful behavior by an American corporation in modern history: they have exposed all of us who worked in good faith for Sony to a lifetime of serious vulnerability and jeopardy: our personal information and that of our children is now available to be stolen online for the rest of our lives. Sony had a duty of care to protect our information — they acknowledged they had serious flaws after thePlaystation attack and DID NOTHING to improve them and safeguard our confidential information. All Amy Pascal and Michael Lynton care about are protecting the damage done by their offensive emails, but who really cares about that in the big picture? Our lives are going to be affected by this forever — the least they can do is contact us and offers us paid monitoring for life.

More Film News from Variety