UPDATES with fourth class action lawsuit filed: The FBI’s confirmation today that North Korea was behind the vast hacking of Sony Pictures puts the class action lawsuits against the studio in a new context. “The law does not require companies to guarantee protection against a deliberate political act of criminal cyber terrorism by a foreign government,” leading trial attorney Daniel Petrocelli told me. “This cannot be laid at the feet of Sony,” the O’Melveny & Myers partner and often studio retained lawyer added noting the class action lawsuits already filed against the studio. Three were filed on Monday, Tuesday and Wednesday and a fourth followed today.
Along with the axing of the release of The Interview earlier this week, embarrassing executive emails and five leaked films, the primary fallout of the hack has been that the personal data of tens of thousands of past and present Sony employees has been spewed across the Internet Almost from the moment the attack occurred on November 24, negligence and privacy lawsuits seemed to be a matter of when and how, not if, but that doesn’t ensure their success despite the information dump and Sony’s perceived vulnerabilities.
“Assuming that Sony had a reasonable level of security in place, the involvement of North Korea only makes these already uphill class actions even more difficult for the plaintiffs moving forward,” another Hollywood lawyer said today. “Generally, the law does not require people and companies to foresee intentional acts of wrong doing.” Since the data breach was revealed, the studio brought in the FBI as well as private security and has been offering data protection services to staff.
This week the first of what could be many lawsuits were filed. Sony has not responded in court to any of them yet.
Seeking unspecified damages and reclassification, the first complaint was handed into federal court in California on December 15 by Michael Corona and Christina Mathis. The 45-page document alleged that “Sony failed to secure its computer systems, servers, and databases (‘Network’), despite weaknesses that it has known about for years, because Sony made a ‘business decision to accept the risk’ of losses associated with being hacked; and (2) Sony subsequently failed to timely protect confidential information of its current and former employees from law -breaking hackers.”
Similar suits from Susan Dukrow and Yvonne Yaconelli and then Joshua Forster and Ella Carline Archibeque followed. Claiming violations of the California Data Breach Act, Constitutional invasion of privacy, the California Confidentially of Medical Information Act, the former was filed in LA Superior Court on December 16. In the complaint the former Spider-Man 2 crew members said part of the issue was the studio making a movie with James Franco and Seth Rogen about the assassination of the leader of North Korea – something sure to get a reaction from the authoritarian regime. “Sony moved forward with the film, knowing that by doing so, it created an unreasonable risk for Plaintiffs and Class Members.”
Ex-Sony employees Forster and Archibeque filed their class action on December 18 in federal court. “SPE delayed confirming the data breach for a week and left its employees in the dark about the scope of the breach, how they and their families were impacted, and what steps SPE is taking to remedy or mitigate the breach,” said their 4-claim action.
“Sony could be held responsible if they didn’t have things like passwords on material and a below standard system, but I doubt that is the case,” notes one legal source. “In fact, Sony could cross complaint that they were not at all responsible, North Korea is,” the lawyer said, adding a whole new legal twist to this saga in the making.
Subscribe to Deadline Breaking News Alerts and keep your inbox happy.