source : The Verge
A group of former and current Sony Pictures employees are suing the
company for failing to protect their data, according to a complaint filed today in California District Court. (A second suit has also been filed according to The Hollywood Reporter, alleging
that the choice to name North Korea put employees in danger.) The group
is led by a former employee named Michael Corona, who worked for Sony
between 2004 and 2007, and is currently spending $700 a year for
identity theft protection. Sony has reportedly offered to provide
identity theft monitoring services to current employees, but many
previous employees like Corona have been affected by the leak and left
to fend for themselves.
"An epic nightmare, much better suited to a cinematic thriller than to real life."
The complaint opens dramatically, describing the hack as, "an epic
nightmare, much better suited to a cinematic thriller than to real
life...unfolding in slow motion for Sony's current and former
employees." The complaint alleges that Sony failed to adequately secure
its systems despite years of warning signs, making a "business decision
to accept the risk." Once the hack was under way, the complaint says
Sony didn't do enough to protect employe information after the fact,
despite multiple warnings from attackers.
The case focuses particularly on the leak of 47,000 social security numbers from current and former employees, which occurred more than a week after the initial attack.
It's unclear when the affected employees received credit monitoring
services to help mitigate the effects of the leak, although Sony should
have had ample warning that such a leak was possible. In a strange
twist, the complaint seems to rely heavily on other leaked documents.
Leaked emails help establish that executives were aware of the
vulnerabilities in the computer system, and chose not to improve it
after previous attacks. It's unclear whether these documents will
ultimately be seen as admissible in court.
No comments:
Post a Comment