You have probably heard at least some of the news surrounding the hacking into the computers of Sony Pictures. The computer hacking allegedly occurred in retaliation for the movie “The Interview,” which mocks North Korea’s leader, Kim Jong Un, and was scheduled to be released on Christmas Day. The incident began on November 24, 2014, when Sony Pictures Entertainment was hacked the first time. Employees were locked out of their computers and glowing red skeletons appeared on their screens. All of the employees’ internal data was obtained and could be shared.
In the weeks that followed, personal information, including salaries, social security numbers, personal emails, and unreleased movies made by Sony were released online. Some of the emails leaked between some of the heads of the company included unflattering comments about actors and other potentially embarrassing information. In mid-December 2014, the group that hacked into Sony threatened terrorist attacks on any theaters airing “The Interview.” A number of theater chains announced they would not show the film. A few days later, Sony announced that it would not release “The Interview.” United States officials later claimed that North Korea was responsible for the hacking.
Sony is now facing at least two lawsuits from employees who had their private information exposed online. The first lawsuit was brought by two former employees who are seeking to make the lawsuit a class action. They claim that they had their social security numbers leaked, as well as salary history and other information, and thatSony should have done more to protect their private information. They also claim they have spent money on identity theft protection. The employees are seeking an unspecified amount of damages and are also asking that Sony provide credit monitoring for five years, identity theft insurance, and a credit restoration service.
The second lawsuit filed also seeks restitution for harm caused by the hacking. It says the plaintiffs deserve compensation for the harm caused by having their social security numbers, medical histories, human resource records and financial information breached. The second lawsuit blasts Sony for failing to take proper security precautions, as well as for creating a risk of retaliation by creating “The Interview.” The lawsuit alleges that thousands of Sony passwords were stored in a file named “password” and that the data was left unencrypted.
A company’s liability for failing to protect their employees’ private data is a fairly new issue. In general, employees have a duty to keep their employees’ private information secure. In most cases, when someone hacks into a company’s computer system, it’s an unforeseen act performed by criminals. In general, businesses and individuals do not owe a duty of care to prevent against the unforeseeable criminal actions of third parties.
However, in this case, Sony may be held liable for failing to prevent the data theft. Sony knew or should have known that the North Korean government would react badly to its leader being mocked and killed in the movie. North Koreans have a reputation for hacking, as well as a reputation of intolerance of criticism. If a company like Sony plans to release such a movie, it must take additional steps to protect the private information of its employees. Although more facts will be made known later, it appears that Sony did not do nearly as much to protect its data as it could have.
Sony may have violated the rights of its employees as well – more will become clear as the lawsuits proceed and the investigations into the hacking continue. If you believe that an employer has violated your legal rights, you are entitled to seek legal compensation. Call Micha Star Liberty, Oakland employment attorney, at 510-645-1000 or 415-896-1000. She works with clients throughout the San Francisco Bay area and helps employees protect their legal rights. Call to schedule your free consultation.