Last holiday season, Seth Rogen and James Franco’s new comedy, “The Interview,” made major headlines around the world — but probably not for the reasons they were hoping for. The film, which depicted a fake talk show host and his producer being recruited by the CIA to assassinate North Korean dictator Kim Jong-un under the guise of conducting an interview with him (hence the title), became the focal point of an international hacking incident. A team of hackers, traced back to North Korea by an FBI investigation, broke into the email servers of the movie’s distributor, Sony Pictures Entertainment (SPE), and proceeded to leak thousands of internal emails sent by Sony employees.
The purportedly North Korean hackers demanded the film be pulled from release, or they would commit further cyber attacks upon Sony and its employees. The studio relented at first, but eventually released the film. And while that incident seems to have come and gone from the public’s notice, the after effects are still very real for many current and former Sony employees, some of whom are claiming that they’ve already become the victims of identity theft in the seven months since the breach.
Film industry news outlet Deadline reports that former SPE staffers have filed a lawsuit against the company, alleging that Sony not only employed lax cybersecurity protocols that were unable to prevent the hack, but that they were aware that their security systems were inadequate after multiple prior data breaches exposed weaknesses in their security measures. Many of these former staffers are already feeling the repercussions of the breach.
The plaintiffs even recruited cybersecurity expert Dr. Larry Ponemon to assess their risk for ID theft and related damages. In his analysis of the situation, Ponemon did indeed indicate that the plaintiffs and other compromised Sony employees would be at a “heightened risk of identity fraud going forward for years to come,” even providing a breakdown of the financial costs that the plaintiffs will incur for identity protection and credit monitoring services.
“Class members are at a heightened risk of credit card fraud, financial identity fraud, medical identity fraud, social identity fraud and income tax fraud,” the lawsuit claims, detailing how some of the plaintiffs have already seen unauthorized charges on their credit accounts or their personal information appear on black market websites. “SPE knew its data security was inadequate. SPE and its sister companies experienced multiple prior data breaches that exposed significant weaknesses in the Sony companies’ security measures, including the 2011 breach of the Sony PlayStation Network that compromised information from over 75 million customer accounts, and which experts attributed to an unsophisticated method of hacking that would not have been successful if the most basic security measures had been in place.”
According to Deadline, a hearing is scheduled to take place on September 14 to determine whether the lawsuit merits class action status.
Data breaches and cyber attacks like Sony’s are becoming all too common nowadays, and with that comes a significantly higher risk of falling victim to identity fraud. While you can’t completely protect your identity 100 percent of the time, you can take a more proactive stance against the possibility of identity theft by registering with a credit monitoring service, which can alert you in that event that certain activity indicative of fraud emerges on your credit file.