Sony Pictures, Which Hyped Up 'Harm' Of Hack, Now Tells Court No Harm Done To Employees

from the thread-that-needle,-sony... dept

In the wake of the Sony Pictures hack, the company went somewhat ballistic in trying to describe just how "harmful" the hack was. It brought on famed lawyer David Boies to threaten anyone who published any information from the hack, claiming that it was a violation of the First Amendment (yes, it told the media that publishing news was a violation of the First Amendment). The company also (ridiculously) threatened to sue Twitter, claiming that Twitter would be held "responsible for any damage or loss arising from such use or dissemination by Twitter." Thoughout it all, Sony kept arguing that this hack was a complete disaster and incredibly harmful.

However, now, in court, Sony is suddenly forced to tap dance around those claims and argue that there has been no harm at all done to the employees of the company, who have filed a class action lawsuit against Sony Pictures for failing to protect their data. In a filing first highlighted by Eriq Gardner at The Hollywood Reporter, Sony Pictures insists that basically there has been no harm whatsoever and mocks the employees who say otherwise, noting that their "PII" (Personally Identifiable Information) disclosed was not particularly private in the first place.
Plaintiffs’ experiences in the wake of the cyberattack are entirely consistent with the empirical consensus just discussed. To start, the PII disclosed for each Plaintiff varies widely.... For example, Mathis asserts only that her name, SSN, and former (not current) home address were disclosed.... (Even on that score, she appears to be wrong. Plaintiffs cite no evidence that her SSN was disclosed. The sole document they cite... has the SSN of a different Mathis.) For his part, Forster believes an array of his PII was disclosed, including his SSN and birthday, as well as outdated bank information, an invalid driver’s license, and former medical insurance information (which he admits are “useless” or “worthless”)....

What is more, some Plaintiffs maintain active online presences, which means that much of the PII they claim was disclosed in the cyberattack already had voluntarily been made available online. For example, while Forster complains that his title, place of work, and dates on which he joined and left SPE were disclosed, he acknowledges that he had posted that information to LinkedIn and thus could not be harmed by its disclosure.... Levine likewise admits that he has “put a lot of [his] life online.” ... For him and others, a wide range of PII was available online prior to the attack.
The other line of defense? If there is any harm, who can really say that it actually came from the Sony hack, rather than any other recent hack?
Plaintiffs (and, undoubtedly, unnamed classmembers) have been exposed to multiple breaches and incidents of identity theft involving various permutations of their PII.... To prove that any injury—or even risk of future injury—is attributable to the cyberattack, each classmember would have to show that this cyberattack, and not another event, caused any incident of identity fraud.
The other problem is that the only actual loss that any of the plaintiffs show right now was an unauthorized purchase on a credit card, but the filing points out, this employee was fully reimbursed (i.e., no loss) and it's also not at all clear that it happened because of the Sony hack.
Similarly, while Corona claims that somebody made an unauthorized purchase using his credit card after the cyberattack on SPE (for which he was fully reimbursed), he acknowledges that he also had unauthorized purchases on his credit card before the cyberattack, and that he could only “guess” at the connection, if any, between the more recent unauthorized purchase and the cyberattack.
To be honest, Sony's argument here is pretty strong. Courts have pretty consistently rejected class action lawsuits over data breaches when there are no actual losses, or where the losses are purely theoretical. It seems very likely that the former Sony employees here are going to lose.

But... it does seem rather amusing to see Sony -- which went on and on and on about all the "damage" the leak was going to cause -- now have to argue that its own employees experienced no harm at all...
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: class action, damages, emails, hack, harm, lawsuit, sony hack
Companies: sony, sony pictures

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 31 Aug 2015 @ 10:33am

    "(yes, it told the media that publishing news was a violation of the First Amendment)"

    I try very very hard to respond to people here with how the MPAA/RIAA and others like it would respond. I defended the fact that infringement hinders the humanitarian efforts in Haiti. When I noticed that Google was responsible for all the starving artists and someone asked the valid question of

    "Who's responsible for all the artists who aren't starving?"

    I noticed that it was the RIAA/MPAA and copyright laws. Then they asked another perfectly valid question

    "Who was responsible for all the artists who were starving before Google existed as a handy scapegoat for morons?"

    Which I answered that it was cassette tapes, the printing press, and other technologies.

    But with every passing statement made by these guys they make my job harder and harder. OK, let me try. Here goes.

    Someone is going to invariably ask the valid question of "How is publishing news a violation of the first amendment".

    Because it makes Sony look ridiculous when they lie and so that prevents them from telling certain lies. It forces them to change their lies which impedes their ability to tell their previous lies or else face more public backlash which harms their freedom of speech.

    Also Sony wants to be free to freely discuss internal matters internally. They don't want the public seeing their discussions lest they say something that could embarrass them. Leaking embarrassing information about them could have the effect of limiting their speech in fear of something getting leaked which is not good for the first amendment.

    Uhm ... Do any of the other shills have a better answer? I tried looking for the original claim made by Sony so that I can hopefully get some insight into their reasoning and use that whenever I try to argue that these sorts of leaks are harmful to the first amendment but I can't find it. Using their own arguments is usually the best/easiest way to argue these issues because then if one of my bosses complains that the argument is stupid and makes them look bad and so I'm not a good shill and they want to fire me I can cite a source from the MPAA/RIAA and others like it where the argument was used and claim I am just defending their position as stated by them. That's what they're paying me for right? But so far my shilling organization has been very pleased with my arguments even though I usually find them strange and not making much sense. Hey, it pays the bills, right?

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.