Two former employees have filed a class action lawsuit against Sony Pictures. Michael Corona, an employee from 2004 to 2007, and Christina Mathis, who worked at Sony between 2000 and 2002, filed the complaint in the federal court in California yesterday.
Earlier this month, a hacker group that calls itself Guardians of Peace started leaking huge troves of Sony's files and emails, revealing social security numbers, healthcare records, salaries, and other confidential information about employees and former employees. People are, understandably, incredibly pissed off that Sony allowed itself to be this vulnerable.
The complaint takes Sony to task for failing to protect its employees even after it was aware of major vulnerabilities:
Sony owed a legal duty to Plaintiffs and the other Class members to maintain reasonable and adequate security measures to secure, protect, and safeguard their PII stored on its Network. Sony breached that duty by one or more of the following actions or inactions: failing to design and implement appropriate firewalls and computer systems, failing to properly and adequately encrypt data,losing control of and failing to timely re-gain control over Sony Network's cryptographic keys, and improperly storing and retaining Plaintiffs' and the other Class members' PII on its inadequately protected Network.
It also points out that Sony was already familiar with the dangers of being hacked, bringing up the time Anonymous hacked Playstation in 2011 as evidence that the company should've been far more prepared for another breach.
One of the most galling aspects of Sony's response to its hack is brought up in the complaint, comparing Sony's scramble to secure its unreleased entertainment to the way it informed and attended to the leaked information of its employees:
Sony has already acted to protect itself by using hacking methods of its own to combat illegal downloads of its movies that hackers publicly released after the Data Breach, according to Recode. Specifically, it is harnessing AmazonWeb Services (the backend that hosts Netflix, Instagram and many others) to launch a distributed denial of service (DDoS) attack on websites hosting the stolen assets.
Sony has not, however, similarly acted to protect its current and former employees.
The complaint also calls the hack "an epic nightmare, much better suited to a cinematic thriller than real life." I'm not sure the hack would make for great cinema but it definitely sounds like a much better movie than The Interview.
You can read the whole lawsuit here: