Two former Sony Pictures workers filed a class-action lawsuit against the Culver City studio late Monday alleging it failed to protect its employees' confidential information from hackers who leaked nearly 450 GB of sensitive data in a massive breach on Nov. 24.
The 45-page complaint filed in a Los Angeles federal court alleges that Sony "failed to secure its computer systems, servers and databases, despite weaknesses that it has known about for years" and "subsequently failed to timely protect confidential information of its current and former employees from law-breaking hackers." The complaint said that despite being hacked before, Sony did not take adequate steps to protect its computer system from potential attacks by hackers.
The data dump by a group called the Guardians of Peace includes employee criminal background checks, salary negotiations, performance evaluations, compensation reports, personal employee files, and doctors' letters explaining the medical rationale for leaves of absence. There are also spreadsheets containing the salaries of 6,800 global employees, along with Social Security numbers for 47,000 current and former employees.
"Sony gambled, and its employees — past and current — lost," the suit said, calling the breach an "epic nightmare, much better suited to a cinematic thriller than real life."
The complaint said that Sony was aware of the risks it took with its employees sensitive data.
Earlier this month, BuzzFeed News reported that Sony could be facing such a class-action lawsuit less than six months after the company settled a similar suit with regard to the hacking of its PlayStation Network.
Tasneem Nashrulla is a reporter for BuzzFeed News and is based in New York.
Contact Tasneem Nashrulla at firstname.lastname@example.org.
Got a confidential tip? Submit it here.