Two former employees of Sony Pictures have filed a lawsuit against the company alleging it didn't do enough to safeguard their personal information and prevent its loss in a massive cyberattack in late November.
The lawsuit, filed Monday in U.S. District Court for the Central District of California, asks the court to award monetary damages and also class-action status, That would mean thousands of Sony employees past and present could join the suit if they wished.
"Sony failed to secure its computer system, servers and databases, despite weaknesses that it has known about for years, because Sony made a business decision to accept the risk of losses associated with being hacked," the lawsuit alleges.
It was filed by Michael Corona, who worked at Sony Pictures Entertainment in Hollywood from 2004 to 2007, and Christina Mathis, who worked at Sony Pictures Consumer Products from 2000 to 2002. Both say their personal information was compromised in the breach.
The 45-page lawsuit draws heavily from media reports of the hack, including messages sent by hackers and executives at the major movie studio. It also refers to the large 2011 attack on Sony Computer Entertainment and its PlayStation Network.
That personal information was lost in the hack is not in dispute. Files containing private information on many Sony Pictures employees have already been leaked online.
In a letter to employees last week, Sony management detailed exactly what it fears has been lost: it said the data included employee names, addresses, Social Security numbers, driver's license numbers, passport numbers, bank account information, credit card information for corporate travel, computer usernames and passwords, salary details and "other employment related information."
It also could have included names, addresses, Social Security numbers and medical claims appeals information for staff and their family members that used Sony health plans. This latter set of data might have included medical claim codes, giving hackers an insight into medical conditions of staff and their families.
Sony Pictures did not immediately respond to a request for comment.
Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is firstname.lastname@example.org
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.