The legal woes continue to mount in the wake of the cyber attack on Sony Pictures. A former software engineer at the studio has filed the latest class-action lawsuit over the hack, claiming that his personal information “may have been compromised as a result of the security breach.” Anastasio Garcia Rodriguez, who worked at Sony Pictures from February 2011 to May 2013, claims the info obtained by the hackers “includes at a minimum his Social Security number, immigration information and visa, and passport information.”

The suit joins a number of others — read about three of them here, here and here — brought in the wake of the devastating late-November attack, which has crippled Sony Pictures and created an international incident between the U.S. and North Korea, which the FBI says was behind the hack.

Garcia Rodriguez’s January 2 filing in U.S. District Court for Central Sony HackedCalifornia (read it here) claims Sony Pictures “owed a legal duty to Plaintiff and Class Members to exercise reasonable care in obtaining, maintaining, securing and disposing of personally identifiable information (PII).” Garcia Rodriguez says the studio “failed to exercise reasonable care in the adoption, implementation, and maintenance of IT security procedures, infrastructure, personnel, and protocols” and to dispose of personal info SPE no longer needed. The suit also claims the studio failed “to utilize industry standard methods for timely identifying security breaches” and then was late in informing employees about the hack.

The lawsuit, which seeks a jury trial and class-action status, does not include a dollar amount. But it claims, “Defendant’s breach of its legal duty to Plaintiff and Class Members caused injuries to Plaintiff and Class Members, including, but not limited to: (a) theft of their PII; (b) expenses associated with the detection and prevention of  identity theft and unauthorized use of their personal, financial and medical records; (c) expenses associated with time spent addressing and attempting to mitigate the consequences of the GOP data breach; and (d) injury resulting from fraud and identity theft caused by the use of PII by criminals or others who access PII now available on the internet.”

Attorneys Steven M. Tindall and Valerie Brender of Rukin Hyland Doria & Tindall LPP of San Francisco are representing Garcia Rodriguez in the lawsuit.