Sony Pictures Entertainment has been hit with yet another class action lawsuit following the November hack attack that crippled the studio and made thousands of current and former employees’ personal information vulnerable.
The latest suit was brought by Anastasio Garcia Rodriguez, who worked as a software engineer at Sony’s Culver City office from February 2011 to May 2013. It was filed in federal court in Los Angeles on Jan. 2.
In legal papers obtained by TheWrap, the suit alleges Sony “knew or should have known that it was failing to take the necessary steps to secure its current and former employees’ PII [personally identifiable information].” The documents go on to say “as a result of its actions and inaction, current and former employees and their families will have to monitor their data for years to come and have been potentially exposed to a lifetime of heightened risk of identity theft and fraud.”
Rodriguez said Sony informed him that “his PII may have been compromised as a result of the security breach, and [he] has confirmed that the PII obtained by the GOP and distributed on the internet includes at minimum his social security number, immigration information and visa, and passport information.”
The lawsuit references past Sony hackings, as well as a 2007 article published in CIO Magazine, wherein Sony’s then-executive director of information security, Jason Spaltro, had been told by an outside auditor that Sony “had insufficiently strong access controls and that passwords used by Sony employees did not meet best practice standards.”
This marks the sixth class action lawsuit that has been brought against Sony. Most plaintiffs have been former employees who allege the studio did not adequately take steps to protect and then retrieve their stolen information after the hack.
Pamela Chelin contributed to this report.