It’s happened. The first class action lawsuit has been filed against Sony for failing to prevent hackers from stealing its current and former employees’ social security numbers, medical records, and salary information.
Predictably, the complaint brought by two former employees alleges that Sony failed to protect private employee data, and that it negligently ignored warnings from programs designed to provide advance notice of possible attack or vulnerability in the computer system. One employee also alleges that his reason for resigning from Sony was also disclosed.
Though these types of lawsuits are often unsuccessful because of the plaintiffs’ uphill battle to prove damages, this case may be different because Sony has a history of prior hacks into its system where customer data was exposed. Evidence of multiple past failures may weigh against Sony in any attempt to dismiss this latest litigation.
It also may be different because, in this hack, employee medical information was exposed. UnderCalifornia’s strict privacy laws, Sony has a strict duty to keep employee medical information private and secure. Moreover, employers have a higher duty of care with respect to protecting their own employees than their customers.
This may be the first in a wave of lawsuits against Sony for the recent breach. Others may soon follow from Sony’s shareholders, profit centers (e.g., celebrities), or business partners, if they can make an adequate claim that information contained in publicly-disclosed emails containing sensitive information about private circumstances, business arrangements, or the like resulted in harm.