Sony Pictures Entertainment is facing two lawsuits from four former employees who claim the company did not do enough to prevent hackers from stealing personal data from current and former workers.
Filed in a federal court in the US on Monday, the lawsuit claims that social security numbers, birthdays, addresses, salary history and reasons for leaving the company were made public in the hack.
The lawsuit refers to the recent attack as “an epic nightmare, much better suited to a cinematic thriller than to real life”.
There is the potential for an investigation by regulators if Sony is found to be at fault, according to John Skipper, cyber-security expert, PA Consulting Group. He commented to SCMagazineUK: "I think they may well have a good basis for a claim if Sony is judged not to have taken reasonable measures to protect personal data. If that is the case, Sony might get in trouble from regulators."
However, if the hack is found to have been perpetrated by a nation state, Sony could argue that there is nothing it could have done to prevent an attack, Skipper added. "Lawsuits are tricky as employees have to prove that they suffered a material loss and while that's down to interpretation of the court, they have to show this - and that Sony didn't take reasonable precautions."
But Sony has already been criticised by experts for not doing enough to protect itself from attacks. Clinton Karr, senior security strategist, at Bromium commented to SC: “The public disclosure of private information can be just as damaging to the reputation of a brand as the theft of financial information, so the Sony breach has ramifications all the way to the board level, just the like Target breach before it. Information security professionals are constantly making investments to implement new security solutions, but they should question whether they are making the right decisions.
"If the Target and Sony breaches are any indication, the answer is no. Detection-based solutions, such as antivirus, have proven ineffective at preventing these attacks."
The Sony lawsuit is one of a series of fallouts following the November hack on the entertainment firm. The New York premier of The Interview - a film starring James Franco and Seth Rogan which features a plot by the CIA to assassinate North Korea's leader Kim Jong-un - has been cancelled, according to Reuters. It comes after a warning by Sony hackers Guardians of Peace, somewhat contradicting its name, urging people to stay away from cinemas showing the film, and alluding to the 9/11 attacks on the country in 2001.
Guardians of Peace has hinted that a new leak is in the works for Christmas. Skipper said: "I think there is more to come and that the attacker behind this could have the intent to do deep and permanent damage to Sony as an organisation. I wouldn't be surprised to see a series of leaks of information that they have already gathered - or have been gathering - as it isn't clear if Sony has been able to eliminate the attack."