Sony Pictures tells employees all info may have been stolen in massive breach

By Chad Hemenway on December 16, 2014

Two former Sony employees file class-action lawsuit?????????????????????????

Everything from an employee’s name and social security number to his credit card and health information were stolen by hackers who broke into Sony Pictures’ computer system, the company told employees in a notification letter.

Details revealed in the letter, posted on the California Attorney General’s website, include that the system disruption was caused by a “brazen cyber attack” on November 24.

A week later, on December 1, Sony Pictures learned personal, financial and health information of current and former employees and their dependents were compromised.

Sony’s letter to employees is dated a week after this discovery, on December 8.

The following types of information may have been taken in the cyber breach:

  • Name and address
  • Social security number
  • Driver’s license number/passport or other government identifier
  • Bank account information
  • Credit card information
  • Username and passwords
  • Compensation
  • HIPAA-protected health information submitted to Sony Pictures
  • Other health information provided to the company outside of its health plans

The company encouraged employees to “be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information.”

AllClear ID has been hired by Sony Pictures to provide a year of free credit monitoring and identity theft services.

Lawsuit filed

Meanwhile, two former Sony Pictures employees filed a lawsuit in federal court in Los Angeles. It alleges Sony Pictures failed to protect its computer networks and failed to “timely protect confidential information” of current and former employees.

The suit describes an “epic nightmare, much better suited to a cinematic thriller than to real life.”

Sony is no stranger to breaches and it should have known a breach like this most recent event was likely, and it should have taken steps to prevent it, according to former employees Michael Corona and Christina Mathis.

Corona and Mathis each claim to have spent hundreds of dollars on identity theft protection and many hours on efforts to safeguard their identities.

The former employees said the cyber attack stole tens of thousands of social security numbers, which were copied more than one million times.

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].