Post by The Ultimate Nullifier on Jan 7, 2015 9:40:57 GMT -6
variety.com/2015/biz/news/sony-hit-with-another-class-action-lawsuit-over-cyber-attack-1201394240/
Another ex-employee has filed a class action suit against Sony Pictures Entertainment, claiming that the studio was negligent in protecting personal information from the Nov. 24 hacking attack.
At least seven class action suits have been filed against the studio, raising the prospect that they will be consolidated before a single federal judge.
Anastasio Garcia Rodriguez, a former software engineer for SPE, contends that his Social Security number, immigration information and visa, and passport information were posted on the Internet after the security breach.
He is seeking unspecified damages.
“Sony’s recent history with negative audits and data breaches underscore that Sony knew or should have known that its security protections and protocol for sensitive information were woefully inadequate,” he states in his lawsuit, filed Friday in U.S. District Court in Los Angeles.
The lawsuit cites, among other things, a 2007 article in CIO Magazine revealing that SPE’s then-executive director of information security, Jason Spaltro, “had been told by an external auditor that Sony had insufficiently strong access controls and that passwords used by Sony employees did not meet best practice standards.”
In an interview with the magazine, Spaltro said that companies do cost-benefit analyses in determining how to protect data. He offered a hypothetical example, in which the cost of notifying customers of a breach was $1 million but better securing a system to protect a breach would cost $10 million. “I will not invest $10 million to avoid a possible $1 million loss,” he told the magazine. (Not mentioned in the class action complaint was that Spaltro also said in the same interview that the studio took “protection of personal information very seriously and invests heavily in controls to prevent it.”)
A spokeswoman for SPE said they had no comment.
Rodriguez is represented in the lawsuit by Steven Tindall and Valerie Brender of Rukin Hyland Doria & Tyndall. SPE has retained the law firm of Wilmer Hale to defend it in the suit, but it has not yet provided a formal answer to any of the suits. The studio’s CEO, Michael Lynton, has described the attack as unprecedented for an American corporation.
Another ex-employee has filed a class action suit against Sony Pictures Entertainment, claiming that the studio was negligent in protecting personal information from the Nov. 24 hacking attack.
At least seven class action suits have been filed against the studio, raising the prospect that they will be consolidated before a single federal judge.
Anastasio Garcia Rodriguez, a former software engineer for SPE, contends that his Social Security number, immigration information and visa, and passport information were posted on the Internet after the security breach.
He is seeking unspecified damages.
“Sony’s recent history with negative audits and data breaches underscore that Sony knew or should have known that its security protections and protocol for sensitive information were woefully inadequate,” he states in his lawsuit, filed Friday in U.S. District Court in Los Angeles.
The lawsuit cites, among other things, a 2007 article in CIO Magazine revealing that SPE’s then-executive director of information security, Jason Spaltro, “had been told by an external auditor that Sony had insufficiently strong access controls and that passwords used by Sony employees did not meet best practice standards.”
In an interview with the magazine, Spaltro said that companies do cost-benefit analyses in determining how to protect data. He offered a hypothetical example, in which the cost of notifying customers of a breach was $1 million but better securing a system to protect a breach would cost $10 million. “I will not invest $10 million to avoid a possible $1 million loss,” he told the magazine. (Not mentioned in the class action complaint was that Spaltro also said in the same interview that the studio took “protection of personal information very seriously and invests heavily in controls to prevent it.”)
A spokeswoman for SPE said they had no comment.
Rodriguez is represented in the lawsuit by Steven Tindall and Valerie Brender of Rukin Hyland Doria & Tyndall. SPE has retained the law firm of Wilmer Hale to defend it in the suit, but it has not yet provided a formal answer to any of the suits. The studio’s CEO, Michael Lynton, has described the attack as unprecedented for an American corporation.