Sony has agreed to stump up nearly $8m (£5.2m) in compensation to staff – although not without a fight – after last year’s hack attack which saw thousands of items of personal data compromised in an attempt to scupper the release of the film The Interview.
Former Sony employees filed a lawsuit against the firm, arguing that they had suffered financial harm from the stolen data.
US investigators have yet to determine who carried out the attack but have blamed North Korea, much to the annoyance of the Kim Jong-un administration, which denied any involvement despite the fact that the movie is based on a plot to kill the “supreme leader”.
The 2014 breach wiped out huge amounts of data and triggered the online release of emails, personal and sensitive employee data as well as pirated copies of a swathe of new movies.
Ex-staff described the data breach as an “epic nightmare” and it forced them to step up credit monitoring to address their increased risk of identity theft.
The US District Court in Los Angeles settlement still needs to be rubber-stamped by a judge but the company says it will pay up to $10,000 a person, capped at $2.5m, to reimburse workers for ID theft losses, up to $1,000 each to cover the cost of credit-fraud protection services, capped at $2m, and up to $3.5m to cover legal fees.
Sony Entertainment chief executive Michael Lynton called the agreement “an important, positive step forward in putting the cyber-attack firmly behind us”.
It is a far cry from Sony’s initial reaction, which saw the firm try to block the legal action. It only relented after the court confirmed employees would be able to pursue their claims because Sony was negligent and had violated a California confidentiality law.
Sony hack ‘now a badge of honour’
Crisis deepens at Sony after hack
Sony calms fears over data threat
Sony defiant despite paying ICO fine
ICO defends ‘paltry’ £250k Sony fine
Sony outage fuels legal battle
Bullish Sony chief risks backlash
New hack as PSN relaunches site
Sony refuses to take blame for hack