It’s happened. The first class action lawsuit has been filed against Sony for failing to prevent hackers from stealing its current and former employees’ social security numbers, medical records, and salary information.

The complaint brought by two former employees alleges that Sony failed to protect their private data and that it negligently ignored warnings from programs designed to provide advance notice of possible attack or vulnerability in the computer network. One employee also alleges that his reason for resigning from Sony was also disclosed.

Though these types of lawsuits are often unsuccessful because of the plaintiffs’ uphill battle to prove damages, this case may be different because Sony has a history of prior hacks into its system where customer data was exposed. Evidence of multiple past failures may weigh against Sony in any attempt to dismiss this latest litigation. The fact that the employees’ medical information was exposed is also a problem for Sony, because California maintains strict privacy laws designed to protect such information.

What’s the lesson? As an employer, you have a duty to be sure that the private information you collect and maintain about your employees remains secure at all times. Failure to recognize the importance of investing in robust security systems can result in liability down the road. And in this day and age, there is no way to know how long that road will be, or where it will lead.