You will be redirected back to your article in seconds

Sony Hack Attack Opens Minefield of Legal Questions That Has Hollywood Worried

In the aftermath of the cyber breach on Sony Pictures, lawyers wrestle with class action suits as execs ponder cyber security

If there’s a common note of caution from security experts in the wake of the Sony hack, it’s this: Nothing will be 100% foolproof.

That is a challenge from a legal perspective, as Sony is facing a class-action lawsuit that it didn’t take enough precautions against a massive data breach that the studio calls unprecedented. In other words, where does liability end and unforeseen circumstances begin?

Studios can certainly substantially reduce the risk of a data meltdown, but the ever-changing nature of cyber threats and, perhaps more importantly, the sheer number of employees and contractors working on a system, exposes vulnerabilities.

“I can tell you without any hesitation that every studio is taking this issue very, very seriously and investigating resources and seeking out personnel and ideas on how to make protection for their content,” says Chris Dodd, chairman of the MPAA.

Jason Greenberg for Variety

Matt Bogaard of security consulting firm the Bogaard Group Intl. says that colleagues have told him that long-in-the-works proposals for security controls among studios and entertainment firms are “all being approved today.”

A challenge, he says, is that companies can implement “the highest level of sophistication as far as firewalls and technology and compliance … but no matter how good it is there is always a people component. It is the people part of this whole situation that is very difficult. Everyone in the company has to participate in the solution.”

Dodd points to reports where attitudes are changing toward how employees view content security. “The good news is people realize after the Sony hack this is really serious stuff.”

Obviously, what woke people up was the insidious nature of the hack — and a seemingly unending stream of publicity that took on many different strands. After the FBI pinned the blame on North Korea, the White House went into top gear, pushing for legislation to deal with cyber attacks as well as announcing a series of executive orders.

On April 1, President Obama announced a new program that gives the government the ability to impose sanctions against groups and individuals who engage in cyber attacks, with penalties such as freezing of assets. It raises the possibility of sanctions for such activities as corporate espionage and stealing of trade secrets.

Dodd said that there seems to be bipartisan consensus on the need for legislation on cyber threat information sharing between private companies and federal agencies, as well as measures to provide more resources to legal authorities to prosecute such crimes.

More uncertain are prospects for proposed legislation, like measures to establish uniformity in laws on requirements for companies to inform customers and their employees of a data breach.

That is among the issues brought up by nine former Sony employees who filed a class-action lawsuit against Sony even as the studio was still grappling with the full measure of the damage.

The plaintiffs in the case characterize the breach as an “epic nightmare, much better suited to cinematic thriller than to real life.” They contend that Sony did not maintain “reasonable and adequate” security measures to protect employees’ personal information, like social security numbers, salary, and data about bank accounts and health insurance.

The suit accuses the studio of failing to maintain basic measures like access controls and requiring passwords with complexity and encryption. It also contends that Sony left employees in the dark about the scope of the breach.

A hearing is scheduled for May 11 in a federal court in Los Angeles on Sony’s motion to dismiss the case.
There’s been anticipation that the studio’s defense will be that the attack was massive and unprecedented — and therefore unforeseeable. FBI’s Joseph Demarest even testified before a congressional committee that the malware used in the attack could have gotten past “90% of the net defenses that are out there today in private industry.”

But Sony’s lawyers are first trying to end the plaintiff’s case by arguing they don’t have standing to sue because they have “not alleged any legally cognizable harm.” In other words, the ex-employees are suing over their fears of what could happen to their personal information, not over losses resulting from the breach.

Such an attempt to get a case dismissed on such procedural grounds is not a surprise, given the tremendous legal costs if the case moves to a discovery phase, when there could be a full examination of just what type of security protocols Sony had in place, says Bryan Sullivan of the law firm Early Sullivan.

If the litigation moves forward, he says, “I think this is going to lay out a roadmap for the studios (focusing on) what is reasonable in a given situation.” Questions to ask, he adds, include: What precautions are a reasonable company supposed to take? What happens if you buy NSA software and still get hacked?

“It’s not an easy question to answer, which is why Sony is trying to attack this litigation right away,” he says.

More Biz

  • Former movie producer Harvey Weinstein (L)

    Harvey Weinstein Reneged on Payoff to HR Director, Suit Claims

    The former Human Resources director of the Weinstein Co. filed a lawsuit on Tuesday, claiming he never received a $450,000 payout he was promised in the wake of the New York Times’ expose in October 2017. Frank Gil alleges that Weinstein promised him the money on Oct. 6, the day after the Times’ story ran. [...]

  • Plume of black smoke rising from

    Attorney for Universal Music Artists Impacted by 2008 Fire Requests Inventory

    Following on its statements last week that it will be filing a lawsuit on behalf of several Universal Music recording artists impacted by a 2008 fire that destroyed a huge number of master recordings, a Los Angeles law firm has requested a “complete inventory” from the company. Addressed to UMG CEO and chairman Lucian Grainge, [...]

  • Charles Caldas To Step Down as

    Charles Caldas To Step Down as Merlin CEO

    Charles Caldas, the only CEO that the independent-label collective Merlin has ever known, announced today that he will step down from his post at the end of 2019, after more than 12 years at the helm of the global rights organization. He will continue his current duties until then and work with the Merlin board to [...]

  • Merlin Reports Record Distributions for 2019

    Merlin Reports Record Distributions for 2019

    Global indie-label collective Merlin reported record distributions in its 2019 membership report, paying $845 million to label and distributor members between April 2018 and March of this year. That figure, a 63% year-over-year increase, includes more than $130 million paid out this year from non-royalty income — and included in that figure is the estimated [...]

  • Dwyane Wade on Supporting His Son

    NBA Star Dwyane Wade on Supporting His Son's Attendance at Miami Pride

    NBA star Dwyane Wade spoke to Variety about why it was important for him to support his younger son attending a pride parade last spring. In April, Wade’s then 11-year-old son Zion posted pictures of himself at Miami Pride, with his siblings and stepmother Gabrielle Union. Wade, who was on the road with the Miami [...]

  • Songs for Screens Powered by Mac

    Songs for Screens: How Eric Church Teamed With Ram Trucks — and Five Tons of Vinyl — for ‘Solid’ Campaign

    Country star Eric Church has long used his new music to reward his loyal fans, from surprise releasing 2015’s “Mr. Misunderstood” album as a direct fan-club exclusive to impromptu meet-and-greets before his hometown show in Greensboro, North Carolina. So when Church was prepping the April vinyl release of 2018’s critically acclaimed “Desperate Man,” the singer [...]

  • Harvey Weinstein legal team

    Harvey Weinstein Loses Another Defense Lawyer

    Harvey Weinstein has lost another defense lawyer, just three months before he is set to go on trial for rape and sexual assault. Attorney Jose Baez told the judge overseeing the case that Weinstein had taken actions that made it difficult to represent him, according to a letter obtained by the New York Post. Baez [...]

More From Our Brands

Access exclusive content