
Former employees sue Sony, theaters drop ‘The Interview’

As threats of violence from attackers who claim to have brought down Sony Pictures Entertainment's networks prompted movie theaters to drop the film “The Interview,” a pair of what are likely to be many, many lawsuits were filed in superior and federal courts in California this week, accusing the entertainment company of not adequately securing its computer systems in the face of, as plaintiffs in the federal case say, “weaknesses that it has known about for years.”

A month after attackers hacked into Sony Pictures Entertainment's network, sensitive, damaging and embarrassing information is still leaking out to the public, and now four former employees have filed class-action suits against the company. The suits allege that shoddy security practices and a lackluster response to security concerns brought to light after the Sony PlayStation Network was hacked in 2011 left the company open to attack and were integral in former and current employees' personal information being exposed in the most recent Sony hack.

Calling the Sony incident “an epic nightmare” that is “unfolding in slow motion,” Michael Corona and Christina Mathis, former Sony employees who left the company in 2007 and 2002, respectively, noted in a case filed in U.S. District Court in California that their personal data, including Social Security numbers, have been leaked, increasing their risk of identity theft in the future.

“Sony failed to secure its computer systems, servers, and databases (“Network”), despite weaknesses that it has known about for years because Sony made a ‘business decision to accept the risk’,” the suit claimed. It also claimed that Sony didn't protect current and former employees' confidential data from hackers who not only exploited the weaknesses but also warned Sony executives that they would release the information publicly and finally did so.

Ironically, some of the emails released by the attackers show that the company's top lawyer as well as its IT department viewed its security setup as vulnerable to attack, but the company didn't take steps to plug worrisome holes, lawyers for Mathis and Corona contended in the suit.

Sony has warned employees to be on the watch for cybercriminals trying to use their personal information and has offered employees a year of free credit monitoring. But plaintiffs in the federal case say that Sony's offer does not go far enough since attackers can lie in wait for many years before attempting to steal from them or otherwise use their personal data to commit crimes.

A suit filed in Los Angeles Superior Court by Susan Dukow and Yvonne Yaconelli, former movie production workers, makes similar claims that Sony failed to protect information and violated California laws requiring it to do so. Dukow worked on a number of films, including "Jerry Maguire" and "Spider-Man," while Yaconelli served as production manager for films such as "The Green Hornet" and "Smurfs 3-D." Their suit claims that they and others impacted by the latest attack will likely be damaged “for the rest of their lives.”

Currently, there is seemingly no end to what the hack could cost Sony. In addition to the lawsuits, which are requesting damages and for Sony to pony up for five years' worth of free monitoring, the company certainly faces fines and penalties from regulators as well as damage to its reputation and to its bottom line.

The latter has begun to emerge as movie theaters started dropping “The Interview,” the comedy about a fictional assassination plot against North Korea's Kim Jong-Un that allegedly prompted the Sony attack, after the group claiming responsibility for the hack, the Guardians of Peace (GOP), threatened 9/11-like violence if the film is shown. Reuters reported that the New York premiere of the film has been nixed and Regal, AMC, Cinemark and Carmike Theaters reportedly had said they would pull the movie from their scheduled lineups.

On Wednesday, Sony issued a statement saying that, in the face of such pushback, it had canceled the film's theatrical release, according to Variety. “In light of the decision by the majority of our exhibitors not to show the film The Interview, we have decided not to move forward with the planned December 25 theatrical release,” the statement said. “We respect and understand our partners' decision and, of course, completely share their paramount interest in the safety of employees and theater-goers.”

The studio expressed disappointment with "this outcome" and the "brazen effort to suppress the distribution of a movie, and in the process do damage to our company, our employees, and the American public." The company added that it continues to "stand by our filmmakers and their right to free expression..."

Also on Wednesday, ABC News reported that its sources were saying that there is evidence that a North Korean group, likely its “Bureau 121” cybersecurity unit, is behind the attack after all, despite earlier FBI contentions that a link to North Korea is unlikely.

UPDATE: The New York Times and other media outlets are reporting that senior administration officials have confirmed that North Korea is behind the Sony attack and are speculating that a White House response might be tempered by the U.S.'s hesitance to reveal how it was able to unravel the hack to get to its source. Reports speculate that an official statement may come as soon as Thursday.
