Sony Hack Attack Opens Minefield of Legal Questions That Has Hollywood Worried

In the aftermath of the cyber breach on Sony Pictures, lawyers wrestle with class action suits as execs ponder cyber security

If there’s a common note of caution from security experts in the wake of the Sony hack, it’s this: Nothing will be 100% foolproof.

That is a challenge from a legal perspective, as Sony is facing a class-action lawsuit that it didn’t take enough precautions against a massive data breach that the studio calls unprecedented. In other words, where does liability end and unforeseen circumstances begin?

Studios can certainly substantially reduce the risk of a data meltdown, but the ever-changing nature of cyber threats and, perhaps more importantly, the sheer number of employees and contractors working on a system, exposes vulnerabilities.

“I can tell you without any hesitation that every studio is taking this issue very, very seriously and investigating resources and seeking out personnel and ideas on how to make protection for their content,” says Chris Dodd, chairman of the MPAA.

Jason Greenberg for Variety

Matt Bogaard of security consulting firm the Bogaard Group Intl. says that colleagues have told him that long-in-the-works proposals for security controls among studios and entertainment firms are “all being approved today.”

A challenge, he says, is that companies can implement “the highest level of sophistication as far as firewalls and technology and compliance … but no matter how good it is there is always a people component. It is the people part of this whole situation that is very difficult. Everyone in the company has to participate in the solution.”

Dodd points to reports where attitudes are changing toward how employees view content security. “The good news is people realize after the Sony hack this is really serious stuff.”

Obviously, what woke people up was the insidious nature of the hack — and a seemingly unending stream of publicity that took on many different strands. After the FBI pinned the blame on North Korea, the White House went into top gear, pushing for legislation to deal with cyber attacks as well as announcing a series of executive orders.

On April 1, President Obama announced a new program that gives the government the ability to impose sanctions against groups and individuals who engage in cyber attacks, with penalties such as freezing of assets. It raises the possibility of sanctions for such activities as corporate espionage and stealing of trade secrets.

Dodd said that there seems to be bipartisan consensus on the need for legislation on cyber threat information sharing between private companies and federal agencies, as well as measures to provide more resources to legal authorities to prosecute such crimes.

More uncertain are prospects for proposed legislation, like measures to establish uniformity in laws on requirements for companies to inform customers and their employees of a data breach.

That is among the issues brought up by nine former Sony employees who filed a class-action lawsuit against Sony even as the studio was still grappling with the full measure of the damage.

The plaintiffs in the case characterize the breach as an “epic nightmare, much better suited to cinematic thriller than to real life.” They contend that Sony did not maintain “reasonable and adequate” security measures to protect employees’ personal information, like social security numbers, salary, and data about bank accounts and health insurance.

The suit accuses the studio of failing to maintain basic measures like access controls and requiring passwords with complexity and encryption. It also contends that Sony left employees in the dark about the scope of the breach.

A hearing is scheduled for May 11 in a federal court in Los Angeles on Sony’s motion to dismiss the case.
There’s been anticipation that the studio’s defense will be that the attack was massive and unprecedented — and therefore unforeseeable. FBI’s Joseph Demarest even testified before a congressional committee that the malware used in the attack could have gotten past “90% of the net defenses that are out there today in private industry.”

But Sony’s lawyers are first trying to end the plaintiff’s case by arguing they don’t have standing to sue because they have “not alleged any legally cognizable harm.” In other words, the ex-employees are suing over their fears of what could happen to their personal information, not over losses resulting from the breach.

Such an attempt to get a case dismissed on such procedural grounds is not a surprise, given the tremendous legal costs if the case moves to a discovery phase, when there could be a full examination of just what type of security protocols Sony had in place, says Bryan Sullivan of the law firm Early Sullivan.

If the litigation moves forward, he says, “I think this is going to lay out a roadmap for the studios (focusing on) what is reasonable in a given situation.” Questions to ask, he adds, include: What precautions are a reasonable company supposed to take? What happens if you buy NSA software and still get hacked?

“It’s not an easy question to answer, which is why Sony is trying to attack this litigation right away,” he says.

More Biz

  • Jussie Smollett

    Jussie Smollett Charged With Filing False Police Report

    “Empire” actor Jussie Smollett has been charged with filing a false police report, the Chicago police said Wednesday. “Detectives will make contact with his legal team to negotiate a reasonable surrender for his arrest,” police spokesman Anthony Guglielmi said on Twitter. Smollett is due to appear in court for a bond hearing at 1:30 p.m. [...]

  • Coast Guard Lieutenant Hit List

    Coast Guard Lieutenant Targeted CNN, MSNBC Anchors and Democrats for Attacks

    Anchors at CNN and MSNBC and prominent Democrats were targeted for attack by a Coast Guard lieutenant arrested Friday on a firearms charge, according to federal prosecutors in Maryland. In court documents revealed Tuesday, prosecutors describe the firearms and controlled substance charges Christopher Paul Hasson is facing as “the proverbial tip of the iceberg.” CNN’s [...]

  • Jussie Smollett suspect

    Jussie Smollett Named a Suspect by Chicago Police for Filing False Report

    Chicago police have named “Empire” actor Jussie Smollett as a suspect in a criminal investigation, three weeks after he reported he was the victim of a hate crime. Detectives are presenting evidence to a grand jury, which is expected to determine whether to indict Smollett on a charge of filing a false police report. “Jussie [...]

  • Contract Placeholder Business

    WGA, Agents Face Tough Issues on New Franchise Pact (Column)

    The Writers Guild of America and the major talent agencies are seven weeks away from a deadline that could force film and TV writers to choose between their agents and their union. This is a battle that has been brewing for a year but few in the industry saw coming until a few weeks ago. [...]

  • Island Records Names Christine Kauffman Senior

    Island Records Names Christine Kauffman Senior VP of Brand Partnerships

    Veteran advertising executive Christine Kauffman has been named senior VP of brand partnerships at Island Records, the company announced today. She will be based in New York and report to Island COO Eric Wong. In making the announcement, Island President Darcus Beese said, “The fast-paced and competitive field of strategic brand marketing has become an [...]

  • Latin Music Veteran Nir Serioussi Joins

    Latin Music Veteran Nir Serioussi Joins Interscope as Executive VP

    Interscope Geffen A&M announced today that veteran executive, producer and songwriter Nir Seroussi will join the company as executive vice president. The announcement was made by Interscope Geffen A&M Chairman and CEO John Janick, to whom Serioussi will report. (Seroussi, center, is pictured above with Janick, left, and Interscope EVP Joie Manda.) According to the [...]

  • Tan FranceUnforgettable Gala, Inside, Los Angeles,

    'Queer Eye' Star Tan France to Host Audiobook Audie Awards

    “Queer Eye” resident style expert Tan France is taking on a slightly different project next month as he hosts the Audie Awards, which honors the best releases and achievements in audiobooks over the past 12 months. The ceremony, which takes place on March 4 in New York, is an annual event organized by the Audio [...]

More From Our Brands

Access exclusive content