As threats of violence from attackers who claim to have brought down Sony Pictures Entertainment's networks prompted movie theaters to drop the film “The Interview,” a pair of what are likely to be many, many lawsuits were filed in superior and federal courts in California this week, accusing the entertainment company of not adequately security its computer systems in the face of, as plaintiffs in the federal case say, “weaknesses that it has known about for years.”
A month after attackers hacked into Sony Pictures Entertainment's network, sensitive, damaging and embarrassing information is still leaking out to the public and now four former employees have filed class-action suits against the company, alleging that shoddy security practices and lackluster response to security concerns brought to light after the Sony PlayStation Network was hacked in 2011, left the company open to attack and were integral in former and current employees' personal information being exposed in the most current Sony hack.
Calling the Sony incident “an epic nightmare” that is “unfolding in slow motion,” Michael Corona and Christina Mathis, former Sony employees who left the company in 2007 and 2002, respectively, noted in a case filed in U.S. District Court in California that their personal data, including Social Security numbers, have been leaked, increasing their risk of identity theft in the future.
“Sony failed to secure its computer systems, servers, and databases(“Network”), despite weaknesses that it has know about for years because Sony made a ‘business decision to accept the risk',” the suit claimed. And, Sony didn't protect current and former employees' confidential data from hackers who not only exploited the weaknesses but also warned Sony executives that they would release the information publicly and finally did so.
Ironically, some of the emails released by the attackers show that the company's top lawyer as well as its IT department viewed its security setup as vulnerable to attack but the company didn't take steps to plug worrisome holes, lawyers for Mathis and Corona contended in the suit.
Sony has warned employees to be on the watch for cybercriminals trying to use their personal information and has offered employees a year of free credit monitoring. But plaintiffs in the federal case say that Sony's offer does not go far enough since attackers can lie in wait for many years before attempting to steal from them or otherwise use their personal data to commit crimes.