Sony's Data Breach Woes Headed for Relief

Faegre Drinker Biddle & Reath LLP

Another chapter in Sony Corporation’s data breach woes appears headed for settlement. This latest chapter, which follows other well-publicized Sony data breaches, began when hackers took control of the company’s computer network in November 2014.

Among the victims: thousands of employees and former employees whose personal data — including salary information, Social Security numbers, performance reviews and even detailed health records — was published on the Internet. The class action that followed alleged that the hacker was not particularly sophisticated and merely took advantage of security flaws and system weaknesses which Sony itself had identified, but failed to address because it did not consider them business priorities. In June 2015, a federal judge dismissed some of the plaintiffs’ claims, but allowed the case to proceed, noting that the publication of personal information on the Internet was “alone sufficient” to establish a credible threat of real and immediate harm to the named plaintiffs and putative class members.

On October 19, 2015, the parties filed a motion for preliminary approval of a proposed class settlement. Under the proposed settlement, Sony would be required to pay between $5.5 and $8 million, with $2 million of that amount being used to reimburse class members for preventive measures against identity theft. The remaining $2.5 million would go to class members who show that they have experienced actual unreimbursed losses as a result of identity theft. The settlement also requires Sony to continue providing identity protection services and insurance for two years, and requires that Sony separately pay up to $3.49 million in attorneys’ fees.

Assuming final approval of the settlement, and even as Sony brings this chapter to a close, the case serves as a fresh reminder that employers in every sector are responsible for safeguarding employee records and other personal information. Developing and implementing reasonable protective measures should be a key part of any data security plan.

Corona v. Sony Pictures Entertainment, Inc., Case No. 2:14-09600 (C. D. California).

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Faegre Drinker Biddle & Reath LLP | Attorney Advertising
