clock menu more-arrow no yes

Sony Hack Attack: Here Come the Lawsuits

"Sony made a business decision to accept the risk of losses associated with being hacked."

CBS

In the wake of one of the most significant hacking attacks against a corporation, former employees of Sony Pictures Entertainment have filed suit against the studio alleging it failed to properly safeguard their personal data.

Lawyers representing those former employees slapped Sony with two lawsuits Tuesday — one in the U.S. District Court for Central California and another in a Los Angeles county court.

In the federal case, which is seeking class-action status, Michael Corona and Christina Mathis claim that Sony was negligent in protecting their sensitive personal information, which they say was exposed in the troves of data dumped by hackers over the course of the last three weeks. Corona last worked for Sony Pictures in 2007, Mathis in 2002.

“Sony failed to secure its computer systems, servers and databases despite weaknesses that it has known about for years,” the complaint reads. “Sony made a business decision to accept the risk of losses associated with being hacked.”

In the second suit, former Sony production managers Susan Dukow and Yvonne Yanconelli make similar allegations about the studio’s security weaknesses. They also claim it “knew the risks and repercussions” associated with releasing the forthcoming movie at the center of the breach, “The Interview.” That film, which depicts a CIA-backed assassination attempt on North Korean leader Kim Jong-un by two TV reporters, has been denounced by North Korea. Guardians of Peace, a group that has claimed responsibility for the Sony hack, is thought to be sympathetic to that country.

“Sony received multiple warnings that retribution for releasing the film was inevitable,” the second complaint reads. “Sony knew or should have known that Plaintiffs’ highly sensitive private information was at increased risk of exposure and publication.”

And it should have taken steps to mitigate that risk. According to Douglas Johnson of Johnson and Johnson LLP, a Beverly Hills law firm representing plaintiffs in the county court case, Sony knew about its security weaknesses and failed to address them.

“Sony’s Playstation Network has been hacked before, and they knew that some kind of retaliation for this film was coming,” Johnson told Re/code. “We think they had a lot of notice to do a better job on their computer security.”

Both suits seek damages to be determined at trial, with the federal case demanding credit and bank monitoring for members of its proposed class for five years.

Sony declined comment on the suits.

This article originally appeared on Recode.net.

Sign up for the newsletter Sign up for The Weeds

Get our essential policy newsletter delivered Fridays.