Sony Pictures, Which Hyped Up 'Harm' Of Hack, Now Tells Court No Harm Done To Employees

from the thread-that-needle,-sony... dept

Plaintiffs’ experiences in the wake of the cyberattack are entirely consistent with the empirical consensus just discussed. To start, the PII disclosed for each Plaintiff varies widely.... For example, Mathis asserts only that her name, SSN, and former (not current) home address were disclosed.... (Even on that score, she appears to be wrong. Plaintiffs cite no evidence that her SSN was disclosed. The sole document they cite... has the SSN of a different Mathis.) For his part, Forster believes an array of his PII was disclosed, including his SSN and birthday, as well as outdated bank information, an invalid driver’s license, and former medical insurance information (which he admits are “useless” or “worthless”)....



What is more, some Plaintiffs maintain active online presences, which means that much of the PII they claim was disclosed in the cyberattack already had voluntarily been made available online. For example, while Forster complains that his title, place of work, and dates on which he joined and left SPE were disclosed, he acknowledges that he had posted that information to LinkedIn and thus could not be harmed by its disclosure.... Levine likewise admits that he has “put a lot of [his] life online.” ... For him and others, a wide range of PII was available online prior to the attack.

Plaintiffs (and, undoubtedly, unnamed classmembers) have been exposed to multiple breaches and incidents of identity theft involving various permutations of their PII.... To prove that any injury—or even risk of future injury—is attributable to the cyberattack, each classmember would have to show that this cyberattack, and not another event, caused any incident of identity fraud.

Similarly, while Corona claims that somebody made an unauthorized purchase using his credit card after the cyberattack on SPE (for which he was fully reimbursed), he acknowledges that he also had unauthorized purchases on his credit card before the cyberattack, and that he could only “guess” at the connection, if any, between the more recent unauthorized purchase and the cyberattack.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

In the wake of the Sony Pictures hack, the company went somewhat ballistic in trying to describe just how "harmful" the hack was. It brought on famed lawyer David Boies to threaten anyone who published any information from the hack, claiming that it was a violation of the First Amendment (yes, it told the media that publishing news was aof the First Amendment). The company also (ridiculously) threatened to sue Twitter , claiming thatwould be held "responsible for any damage or loss arising from such use or dissemination by Twitter." Thoughout it all, Sony kept arguing that this hack was a complete disaster and incredibly harmful.However, now, in court, Sony is suddenly forced to tap dance around those claims and argue that there has been no harm at all done to theof the company, who have filed a class action lawsuit against Sony Pictures for failing to protect their data. In a filing first highlighted by Eriq Gardner at The Hollywood Reporter, Sony Pictures insists that basically there has been no harm whatsoever and mocks the employees who say otherwise, noting that their "PII" (Personally Identifiable Information) disclosed was not particularly private in the first place.The other line of defense?there is any harm, who can really say that it actually came from, rather than any other recent hack?The other problem is that the only actual loss that any of the plaintiffs show right now was an unauthorized purchase on a credit card, but the filing points out, this employee was fully reimbursed (i.e., no loss) and it's also not at all clear that it happened because of the Sony hack.To be honest, Sony's argument here is pretty strong. Courts have pretty consistentlyclass action lawsuits over data breaches when there are no actual losses, or where the losses are purely theoretical. It seems very likely that the former Sony employees here are going to lose.But... it does seem rather amusing to see Sony -- which went on and on and on about all the "damage" the leak was going to cause -- now have to argue that its own employees experienced no harm at all...

Filed Under: class action, damages, emails, hack, harm, lawsuit, sony hack

Companies: sony, sony pictures