In the wake of the major data breach at Sony Pictures Entertainment last year in which sensitive personal information including Social Security numbers and health data on thousands of present and former employees, nine former employees affected by the data breach sued Sony alleging that it was negligent in failing to protect their personal information. I first reported to you about this lawsuit, Corona et al v. Sony Pictures Entertainment in my Scam of the day for March 13, 2015. Now a settlement agreement has been reached between the plaintiffs and Sony that has been submitted to the federal court for approval. Terms of the settlement have not been disclosed.
The hacking of Sony should be a wake-up call to all companies. Despite Sony’s assertions that this was an unprecedented attack and that Sony had taken proper data security precautions, the facts do not support those assertions. The list of Sony’s failings are many. Data banks were not properly segregated. The company was particularly susceptible to phishing attacks. It retained personal information long after it was necessary and it kept an unencrypted file entitled “Passwords” with a compendium of passwords providing ready access to the hackers to sensitive information. These are just a few of Sony’s failings.
There is little that we as consumers and employees of companies that hold our personal information can do to protect ourselves from data breaches other than to inquire of these companies as to what steps they take to protect the personal information that they hold and to refrain from doing business with companies that do not provide a satisfactory answer. Additionally, we should try to limit as much as possible the personal information that we provide to such companies. For instance, your medical care providers do not need your Social Security number although most medical care providers routinely ask for it. The Sony lawsuit was the first of a recent number of lawsuits against companies such as Sony and Ashley Madison that have suffered data breaches that many believe could have been prevented with better security.