Thousands of dollars in unauthorized credit card charges, attempts to open accounts under their names, and personal data showing up all over the Internet are just a few of the claims that Michael Corona, Christina Mathis and others are making in court documents filed last week. The former Sony Pictures staff members are saying that some of the things they were most afraid of happening as a result of the massive hack that savaged the company late last year have already happened. The lawsuit comes less than a month after Sony failed in its attempt to get the consolidated case tossed.
“Class members are at a heightened risk of credit card fraud, financial identity fraud, medical identity fraud, social identity fraud, and income tax fraud,” noted a memorandum (read it here) backing up the eight plaintiffs’ desire to get class action certification on their case. “Not surprisingly, several of the plaintiffs have already been victims of identity fraud. Ms. Bailey and Ms. Archibeque were notified that their PII was available for purchase on black market websites. An identity thief attempted to open a PayPal credit card using Mr. Forster’s PII. Plaintiff Shapiro was notified by Chase that someone tried to make a large purchase using his account, and discovered credit card accounts opened in his name on his credit report. And an identity thief charged a $3,845.50 purchase to Mr. Corona’s credit card.”
As they have before, the ex-employees lawyers slapped the blame for the hack — supposedly prompted by Sony’s film The Interview — of November 24, 2015 and the fallout fully on Sony Pictures Entertainment’s shoulders. “SPE knew its data security was inadequate. SPE and its sister companies experienced multiple prior data breaches that exposed significant weaknesses in the Sony companies’ security measures, including the 2011 breach of the Sony PlayStation Network that compromised information from over 75 million customer accounts, and which experts attributed to an unsophisticated method of hacking that would not have been successful if the most basic security measures had been in place.”
With the personal information of an estimated 3,000 former and current Sony employees posted online as a result of the deep hack, the plaintiffs engaged the services of “one of the foremost experts on data privacy and identity theft,” Larry Ponemon, to put together a report on consequences of the breach. “Dr. Ponemon has explained that all class members will be subjected to heightened risk of identity fraud going forward for years to come, and Plaintiffs’ economist, Dr. Henry Fishkind, has provided an appropriate and common model for measuring the reasonable costs (discounted to present value) that class members will incur to monitor and protect themselves from identity,” said the 32-page memo on the consolidated case filed in federal court June 10.
A hearing is scheduled for September 14 on the class certification motion. A team of lawyers from several firms represents the plaintiffs with Cari Laufenberg of Seattle’s Keller Rohrback LLP taking the leading role. Wilmer Cutler Pickering Hale And Dorr LLP are representing Sony in the matter.