Sony Pictures Entertainment now faces two lawsuits from four former employees who claim the company did not do enough to prevent hackers from stealing nearly 50,000 social security numbers, salary details and other personal information from current and former workers.
The lawsuits seek to gain class-action status on behalf of those employees whose private data, including medical records, have been released by hackers in recent weeks.
Two employees sued Sony in federal court on Monday, alleging the company failed to secure its computer systems despite "weaknesses that it has known about for years," and instead made a business decision to accept the risk. It contends that the latest data breaches are especially "surprising and egregious" because Sony Pictures has been repeatedly attacked over the years, including a 2011 hack that revealed millions of user accounts on Sony's PlayStation video-game network.
On Tuesday, two former movie production workers sued Sony in Los Angeles Superior Court, claiming the company waited too long to notify employees that their data had been stolen. The case filed by Susan Dukow and Yvonne Yaconelli alleges Sony violated California laws meant to protect sensitive financial and medical information.
Dukow worked on several Sony films between 1993 and 2004, including "Jerry Maguire," ''Spider-Man" and "Charlie's Angels II." Yaconelli worked as a production manager on Sony films between 2001 and 2011 including "Riding in Cars with Boys," ''The Green Hornet," and "The Smurfs 3D." Both women worked on "Spider-Man II," according to the lawsuit.
"The repercussions of Sony's failure to implement and maintain reasonable security practices and procedures will likely damage plaintiffs and class members for the rest of their lives," Dukow and Yaconelli's lawsuit states.
A Sony representative declined comment on the lawsuits Tuesday afternoon.
Highly sensitive material from the entertainment unit of Tokyo-based Sony Corp. has been leaked almost daily since hackers broke into its computer networks last month. New threats and data leaks from the shadowy group calling itself Guardians of Peace, or GOP, were issued Tuesday.
The federal case filed Monday has two named plaintiffs: Michael Corona, a former Sony Entertainment employee who left the company in 2007 and now lives in Virginia, and Christina Mathis, who left the company in 2002 and lives in California. They allege their Social Security numbers and other sensitive personal information have been leaked, exposing them to identify theft for years to come.
Their lawyers allege that emails and other information leaked by the hackers show that Sony's information-technology department and its top lawyer believed its security system was vulnerable to attack, but that company did not act on those warnings. Corona and Mathis do not spell out how much they are seeking the case, but want actual damages and an order requiring Sony to pay for services to monitor credit and banking services and repair damage from identify theft for at least five years.
Sony has offered employees one year of credit monitoring, the lawsuit states. The plaintiffs claim that protection is inadequate because it can take years for thieves to exploit the personal information included in the data breach. Corona so far has spent $700 on identity theft protection for him and his family, and Mathis has spent $300, according to the suit.
Legal experts said the cases are likely just two of many that will be filed over the data breach. Sony potentially faces tens of millions of dollars in damages from a class-action lawsuit, said Jonathan Handel, an entertainment law professor at the University of Southern California Gould School of Law.
"This is not a 'bet your company' lawsuit but it is a serious matter for Sony both in terms of dollar exposure and public perception of the brand," Handel said. "This doesn't look good for Sony, which after all is a technology company."
In addition to lawsuits from its ex-employees, Sony is likely to face fines from government regulators and lawsuits from actors, producers and directors who may not want to work with the studio anymore, said Steven S. Rubin, a New York cybersecurity lawyer with the firm Moritt Hock & Hamroff.
Among the materials that have been leaked are sensitive emails and studio materials that criticize actors and producers. Those with ongoing contracts with Sony could argue the company has breached their agreement and move their work elsewhere, Rubin said.