Not unexpectedly, Sony Corp. as recently as four days ago attempted to have the lawsuits tossed out of court.
A common assertion amongst the plaintiffs is that Sony did little to prevent future attacks after a series of previous data hacks. It has been widely reported that the most recent hack originated in North Korea in response to the production and imminent release of the comedy that spoofs North Korean leader Kim Jong-un.
Plaintiffs in seven putative class actions point to prior data breaches suffered by Sony Network Entertainment International LLC and Sony Computer Entertainment America LLC that compromised the personal information of some 77 million PlayStation Network users in 2011. The plaintiffs in the six federal class actions and lone state class action assert that Sony dropped the ball following the 2011 data breaches and didn’t do enough to shore up any weaknesses that may have allowed the most recent data breach in the fall of 2014.
No matter. On February 9, Sony attempted to have the lawsuits thrown out in the face of allegations made by the majority of the various actions that Sony violated the California Customer Records Act. Sony’s position is that the Act does not apply given that plaintiffs are not customers, but rather employees of Sony.
“There are no allegations of identity theft, no allegations of fraudulent charges, and no allegations of misappropriation of medical information,” said the motion to dismiss the case brought by former employee Michael Corona. “Instead, the plaintiffs assert a broad range of common-law and statutory causes of action based on their alleged fear of an increased risk of future harm, as well as expenses they claim to have incurred to prevent that future harm. Those allegations, however, fail as a matter of law to establish the plaintiffs’ standing to sue.”
In response to an invasion of privacy allegation made by another former employee, Sony argued that the inadvertent loss of employee information falls short of standards set and observed by the court.
“The unintentional loss of data resulting from the theft by a third party, exposing the plaintiffs to, at most, an increased risk of identity theft does not constitute egregious conduct on SPE’s part so as to give rise to an actionable invasion of privacy,” Sony said.
With business, commerce, retail purchases and entertainment options increasingly embracing the Internet, consumers are expectant that corporations and other entities that conduct commerce online have bullet-proof safeguards in place to protect personal information and other sensitive data.
READ MORE DATA BREACH LEGAL NEWS
The cases are Michael Corona et al. v. Sony Pictures Entertainment Inc., case number 2:14-cv-09600; Joshua Forster et al. vs. Sony Pictures Entertainment Inc., case number 2:14-cv-09646; Michael Levine et al. v. Sony Pictures Entertainment Inc., case number 2:14-cv-09687; Marcela Bailey et al. v. Sony Pictures Entertainment Inc., case number 2:14-cv-09755; Steven Shapiro et al. v. Sony Pictures Entertainment Inc., case number 2:14-cv-09762; Anastasio Garcia Rodriguez v. Sony Pictures Entertainment Inc., case number 2:15-cv-00014; and Lawon Exum et al. v. Sony Pictures Entertainment, case number 2:15-cv-00011, in the US District Court for the Central District of California.