The latest fallout from the Sony Pictures computer breach, where hackers released thousands of pages of internal company emails and other personal, confidential information of employees, is a class action lawsuit that has been filed by former employees of the studio.
The class-action lawsuit alleges the company was negligent in securing its computer systems and the employee’s information despite warnings that its systems were vulnerable to being hacked.
Computer systems are increasing complex and interconnected. This is the strength of the internet and its weakness. With large companies, the cost of securing thousands of potential entry points can be very expensive, and until recently, many companies have been complacent, believing either their protections were adequate or that they were unlikely to be targets.
Both of these assumptions have proven wrong in case after case, from this breach at Sony to the Target data breach of credit card records. This incident may have involved the release of employee medical data according to an interview by one of the attorneys who filed the lawsuit.
The price of this complacency is likely to be steep, both in terms of goodwill damaged by statements contained in emails written by high-ranking employees and in actual costs to undo damage to computer systems and to upgrade security to protect the rebuilt systems from future attacks.
Lawsuits involving the negligence related to the release of personal and confidential information of employees and customers are likely to become a growing area of litigation as companies struggle to develop ways to protect their networks from increasingly sophisticated and devastating attacks by hackers, some of whom may be working for foreign governments.
Latimes.com, “Sony hit with lawsuit by former employees over email leaks,” Saba Hamedy, Meg James, December 16, 2014