Sony pays $11 million to settle hacking lawsuit by current and former employees

October 21, 2015 |

The ramifications of the massive data breach suffered by Sony Pictures Entertainment in November 2014 continues.   The theft and publication of embarrassing emails by Sony executives and the unauthorised release of Sony movies were the prominent stories from the leak.  However it was the theft of personal information, including health records that had a significant impact on current and former staff.  Sony has settled a class action claim for $11AU million according to  Sony to pay up to $11 million as part of hacking lawsuit settlement.  The payout is probably not a significant attack on the bottom line given Sony’s overall earnings and profits however that is only part of the story.  Sony has had enormous reputational damage, it will have spent a considerable amount to review and upgrade its data handling practices. It is not enough to merely find the weakness in the defences and patch them up.  Sony’s data handling practices were woeful and its ability to detect a breach ineffective. Data breaches will happen. Storing data safely and in encrypted form behind the security network is important.  As important is to have processes to detect a breach as soon as possible after it has occurred.  The reputational damage for Sony has been significant.  Executives have lost their jobs.

The article provides:

Sony Pictures Entertainment has reached a settlement with current and former employees, agreeing to pay up to $US8 million ($11m) to reimburse them for identity-theft losses, preventative measures and legal fees related to the hack of its computers last year.

The settlement was filed with the US District Court in Los Angeles late on Monday and still needs to be approved by a judge.

The agreement calls for up to $US10,000 ($13,768) a person, capped at $US2.5 million ($3.44m), to reimburse workers for identity theft losses, up to $US1000 ($1376.82) each to cover the cost of credit-fraud protection services, capped at $US2 million ($2.7m), and up to $US3.5 million ($4.8m) in legal fees.

Hackers calling themselves Guardians of Peace broke into Sony Pictures computers and last November released thousands of emails, documents, social security numbers and other personal information in an attempt to derail the release of the North Korean-focused comedy The Interview. The US government blamed North Korea for the attack.

In a memo to staff on Tuesday, Sony Entertainment chief executive officer Michael Lynton called the agreement “an important, positive step forward in putting the cyber-attack firmly behind us”.

Sony Corp chief executive officer Kazuo Hirai told a technology conference on Tuesday that following the hack, the movie studio has “come out more resilient, more strong and they have a very good management team in place now”. Hirai said there wasn’t much of a business impact from the hack, although he said employee morale was hurt for a short time.

Former Sony Pictures co-chair Amy Pascal left her position after a trove of embarrassing emails was leaked, including racially insensitive remarks about US President Barack Obama’s purported taste in movies. She continues to run a production venture at Sony that will handle major blockbuster franchises such as the Spider-Man series.

The news of the settlement has received generous coverage with Sony Hack Lawsuit Settlement Could Cost Company Up To $8 Million and Sony reaches multi-million dollar settlement with ex-employees over hack.

One Response to “Sony pays $11 million to settle hacking lawsuit by current and former employees”

  1. Sony pays $11 million to settle hacking lawsuit by current and former employees | Australian Law Blogs

    […] Sony pays $11 million to settle hacking lawsuit by current and former employees […]

Leave a Reply