Sony Pictures, Which Hyped Up 'Harm' Of Hack, Now Tells Court No Harm Done To Employees

from the thread-that-needle,-sony... dept

In the wake of the Sony Pictures hack, the company went somewhat ballistic in trying to describe just how “harmful” the hack was. It brought on famed lawyer David Boies to threaten anyone who published any information from the hack, claiming that it was a violation of the First Amendment (yes, it told the media that publishing news was a violation of the First Amendment). The company also (ridiculously) threatened to sue Twitter, claiming that Twitter would be held “responsible for any damage or loss arising from such use or dissemination by Twitter.” Thoughout it all, Sony kept arguing that this hack was a complete disaster and incredibly harmful.

However, now, in court, Sony is suddenly forced to tap dance around those claims and argue that there has been no harm at all done to the employees of the company, who have filed a class action lawsuit against Sony Pictures for failing to protect their data. In a filing first highlighted by Eriq Gardner at The Hollywood Reporter, Sony Pictures insists that basically there has been no harm whatsoever and mocks the employees who say otherwise, noting that their “PII” (Personally Identifiable Information) disclosed was not particularly private in the first place.

Plaintiffs? experiences in the wake of the cyberattack are entirely consistent with the empirical consensus just discussed. To start, the PII disclosed for each Plaintiff varies widely…. For example, Mathis asserts only that her name, SSN, and former (not current) home address were disclosed…. (Even on that score, she appears to be wrong. Plaintiffs cite no evidence that her SSN was disclosed. The sole document they cite… has the SSN of a different Mathis.) For his part, Forster believes an array of his PII was disclosed, including his SSN and birthday, as well as outdated bank information, an invalid driver?s license, and former medical insurance information (which he admits are ?useless? or ?worthless?)….

What is more, some Plaintiffs maintain active online presences, which means that much of the PII they claim was disclosed in the cyberattack already had voluntarily been made available online. For example, while Forster complains that his title, place of work, and dates on which he joined and left SPE were disclosed, he acknowledges that he had posted that information to LinkedIn and thus could not be harmed by its disclosure…. Levine likewise admits that he has ?put a lot of [his] life online.? … For him and others, a wide range of PII was available online prior to the attack.

The other line of defense? If there is any harm, who can really say that it actually came from the Sony hack, rather than any other recent hack?

Plaintiffs (and, undoubtedly, unnamed classmembers) have been exposed to multiple breaches and incidents of identity theft involving various permutations of their PII…. To prove that any injury?or even risk of future injury?is attributable to the cyberattack, each classmember would have to show that this cyberattack, and not another event, caused any incident of identity fraud.

The other problem is that the only actual loss that any of the plaintiffs show right now was an unauthorized purchase on a credit card, but the filing points out, this employee was fully reimbursed (i.e., no loss) and it’s also not at all clear that it happened because of the Sony hack.

Similarly, while Corona claims that somebody made an unauthorized purchase using his credit card after the cyberattack on SPE (for which he was fully reimbursed), he acknowledges that he also had unauthorized purchases on his credit card before the cyberattack, and that he could only ?guess? at the connection, if any, between the more recent unauthorized purchase and the cyberattack.

To be honest, Sony’s argument here is pretty strong. Courts have pretty consistently rejected class action lawsuits over data breaches when there are no actual losses, or where the losses are purely theoretical. It seems very likely that the former Sony employees here are going to lose.

But… it does seem rather amusing to see Sony — which went on and on and on about all the “damage” the leak was going to cause — now have to argue that its own employees experienced no harm at all…

Filed Under: , , , , , ,
Companies: sony, sony pictures

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Sony Pictures, Which Hyped Up 'Harm' Of Hack, Now Tells Court No Harm Done To Employees”

Subscribe: RSS Leave a comment
tom (profile) says:

The REALLY interesting legal gymnastics will come if they catch the person(s) responsible for the breach. Sony lawyers then will be arguing about the horrible and costly harm the breach caused, after previously arguing that no harm was done, after previously stating how much harm was done.

Wonder if Sony filed a damage figure in their yearly SEC stock filings?

Anonymous Coward says:

“(yes, it told the media that publishing news was a violation of the First Amendment)”

I try very very hard to respond to people here with how the MPAA/RIAA and others like it would respond. I defended the fact that infringement hinders the humanitarian efforts in Haiti. When I noticed that Google was responsible for all the starving artists and someone asked the valid question of

“Who’s responsible for all the artists who aren’t starving?”

I noticed that it was the RIAA/MPAA and copyright laws. Then they asked another perfectly valid question

“Who was responsible for all the artists who were starving before Google existed as a handy scapegoat for morons?”

Which I answered that it was cassette tapes, the printing press, and other technologies.

But with every passing statement made by these guys they make my job harder and harder. OK, let me try. Here goes.

Someone is going to invariably ask the valid question of “How is publishing news a violation of the first amendment”.

Because it makes Sony look ridiculous when they lie and so that prevents them from telling certain lies. It forces them to change their lies which impedes their ability to tell their previous lies or else face more public backlash which harms their freedom of speech.

Also Sony wants to be free to freely discuss internal matters internally. They don’t want the public seeing their discussions lest they say something that could embarrass them. Leaking embarrassing information about them could have the effect of limiting their speech in fear of something getting leaked which is not good for the first amendment.

Uhm … Do any of the other shills have a better answer? I tried looking for the original claim made by Sony so that I can hopefully get some insight into their reasoning and use that whenever I try to argue that these sorts of leaks are harmful to the first amendment but I can’t find it. Using their own arguments is usually the best/easiest way to argue these issues because then if one of my bosses complains that the argument is stupid and makes them look bad and so I’m not a good shill and they want to fire me I can cite a source from the MPAA/RIAA and others like it where the argument was used and claim I am just defending their position as stated by them. That’s what they’re paying me for right? But so far my shilling organization has been very pleased with my arguments even though I usually find them strange and not making much sense. Hey, it pays the bills, right?

Anonymous Coward says:

No, that some persons were harmed but that these aren't can both be true.

YOU agree with Sony’s position on the case, and the rest is vague attack for no obvious cause. State why Sony should NOT have worried over exposure of the data… Can’t, eh? So you agree with Sony in all.

Next baseless gibes, please. I’m timing how long (including reading) takes me to spot the key flaw that renders them utterly pointless. Have thus occupied myself for nearly ten seconds on items today.

Tired of slow page loading waiting on javascripts and images, and of not seeing comments the fanboys have censored?

Use the new Techdirt Lite!

shill on drugs says:

Re: No, that some persons were harmed but that these aren't can both be true.

Wow, I can’t really understand what you are trying to say. Perhaps if I made my claims less understandable like you someone might be fooled into thinking there is a valid point somewhere. My bosses would be pleased. Maybe I would even get a raise!!!


And while I’m sure your post was sarcasm it’s not that far off from the real thing. Marked as funny.

Anonymous Coward says:

Re: Impeach the witness, anyone?

Companies do this sort of thing all the time — have one legal team making its case in one court, then another legal team making the exact opposite argument in another court battle. The supposedly sacred principles they will insist must be followed often shift like the wind. We must keep in mind that as long as it’s coming out of the mouth of a lawyer, it’s never perjury, no matter how big the lies.

Anonymous Coward says:

Tangential observation

her name, SSN, and former (not current) home address were disclosed…. his SSN and birthday, as well as outdated bank information, an invalid driver’s license, and former medical insurance information (which he admits are “useless” or “worthless”)….

Anyone ever have to prove their identity online, particularly to a credit agency or governmental organization? Questions like “Which of the following addresses have you ever resided at?” and “Have you ever held an account at one of the following banks?” are quite common. Outdated PII is most definitely not useless.

John Fenderson (profile) says:

Re: Tangential observation

“Questions like “Which of the following addresses have you ever resided at?” and “Have you ever held an account at one of the following banks?” are quite common.”

I encountered those trying to get my credit report. Unfortunately, I was unable to correctly answer the “which address did you live at” question. I’ve live at a lot of addresses in my life, and I have long forgotten most of them.

Outdated PII, in this case, was not only useless, it actively prevented me from getting my credit report. I still haven’t been able to get around that.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...