The hacking of Sony Pictures Entertainment’s emails and other data shortly before it was to release the satirical movie “The Interview” has been at the top of the headlines for weeks now. Much of the coverage has focused on what producers and executives at Sony were saying about various celebrities behind closed doors. But there is an aspect of this case that, for current and former Sony employees, is much more important than some movie star gossip.
Two former employees of the entertainment giant have filed a class-action lawsuit, accusing Sony of failing to take reasonable action to protect their privacy from cyber attacks. The plaintiffs formerly worked in Sony’s IT department. They say that Sony should have taken an earlier attack as a warning to beef up security for its network, but the company failed to do so.
The previous incident, according to the filing, took place in 2011 and was “one of the largest data breaches in history.” That time, the hackers exploited a “known vulnerability” in Sony’s data security. An investigation revealed that the company had failed to put in place “even the most rudimentary security protocols,” according to the plaintiffs.
Despite this warning, the plaintiffs say, Sony did not take sufficient action to protect its employees’ private information. Their suit charges Sony with negligence and invasion of privacy, among other things.
Employees often must submit sensitive information to their employers, such as their Social Security numbers. In today’s world, employers who do not take steps to keep their networks secured from hackers could allow that data to fall into the hands of criminals.