The Price Of Poor Security: California Judge Refuses To Throw Out Sony Employee Negligence Claims
On December 24, 2014, Sony Pictures Entertainment was hacked by a group calling itself the Guardians of Peace, believed to be associated with North Korea. During the hack, personal information about Sony employees was compromised. Not long after, an action was brought by Sony employees against the company itself. The case is Michael Corona, et al. v. Sony Pictures Entertainment, Inc.
The lawsuit claims that Sony’s negligence caused a massive data breach, and that the plaintiffs suffered harm in the form of expenses related to measures they took to protect their personal information.
Sony’s position in its motion to dismiss was that plaintiffs had failed to show actual injury, and in any event, the claims were barred by the economic loss doctrine. A federal judge in California ruled on Monday that plaintiffs’ allegations that they had to make the aforementioned expenditures was sufficient to overcome Sony’s motion to dismiss with regards to injury, and that for purposes of the economic loss doctrine, the parties had a “special relationship.”