Sunday, June 4, 2023 | Back issues
Courthouse News Service Courthouse News Service

Sony Hacks Affects Thousands, Workers Say

LOS ANGELES (CN) - The well-publicized hacks of Sony Pictures Entertainment exposed as many as 47,000 current and former employees to ID theft, according to two class actions in Los Angeles.

Lead plaintiffs Michael Corona and Christina Mathis sued Sony on Monday in Federal Court.

Susan Dukow and Yvonne Yaconelli filed a similar class action on Tuesday, in Superior Court.

Citations in this article come from the federal complaint.

The hacks by the so-called "Guardians of Peace" made worldwide news when catty messages from and about Hollywood bigwigs were made public.

Speculation has abounded, but no proof, that the hacks were a response to Sony's forthcoming movie "The Interview," a comedy based on an assassination plot against North Korean dictator Kim Jong Un.

Kim, a movie buff, called the movie "an act of war."

On Tuesday, a person or people claiming affiliation with the hacking group posted Internet messages that appear to threaten acts of terrorism when the movie opens.

The class actions filed this week, however, do not involve film stars, terrorism or movie moguls. They come from regular folks who work or worked for Sony.

Corona accuses Sony of negligence, medical confidentiality violations, and failing to provide immediate notification of the data breach of personal information.

Corona describes the breach as "an epic nightmare, much better suited to a cinematic thriller than to real life."

He claims the hackers obtained the Social Security numbers of 47,000 Sony employees and other sensitive information that now could be used by criminals.

Corona claims the hackers obtained "current and former employee names, home addresses, telephone numbers, birth dates, Social Security numbers, email addresses, salaries and bonus plans, health care records, performance evaluations, scans of passports and visas, reasons for termination, details of severance packages and other sensitive employment and personal information."

He claims there were two "inexcusable problems" that caused the problem: Sony officials didn't correct known weaknesses in the company's security systems that protect its databases and did not "timely protect" database information. He says Sony made a "'business decision to accept the risk.'"

It's not the first data breach for Sony, which suffered a "major breach" of its PlayStation video game network in April 2011, and other "repeated data breaches," Corona claims.

Corona worked for Sony Pictures Entertainment from 2004 to 2007 and says the hackers obtained his "full name, Social Security number, birthdate, former address, salary history, and reason for resigning."

Mathis says she worked for Sony Pictures Consumer Products from 2000 to 2002 and that the hackers obtained her Social Security number and former address. She says Sony still has not contacted her about the data breach aside from sending a "form letter response" to an email inquiry she made about the data breach.

The so-called Guardians of Peace seized control of Sony Entertainment's network on Nov. 24. It posted images and information on actors, filmmakers and current and former employees, including images of passports and visas, Social Security numbers, performance evaluations, salaries and bonus plans, reasons for leaving the company and information on severance packages.

Plaintiffs seek class certification, actual and statutory damages for negligence and medical privacy violation, restitution, disgorgement and an injunction.

The federal plaintiffs are represented by Khesraw Karmand with Keller Rohrback of Santa Barbara.

The plaintiffs in Superior Court are represented by Douglas Johnson, with Johnson & Johnson, of Beverly Hills. They seek similar damages, and also allege violation of privacy.

Read the Top 8

Sign up for the Top 8, a roundup of the day's top stories delivered directly to your inbox Monday through Friday.