The first legal salvo has been leveled against Sony Pictures Entertainment since the massive computer breach that exposed the personal information of thousands of current and former employees.
Lawyers representing two former Sony Pictures employees filed a class-action lawsuit in federal court in Los Angeles. The 45-page complaint on behalf of former and current employees alleges that the Culver City studio was negligent by ignoring warnings that its computer system was prone to attack.
Sony "failed to secure its computer systems, servers and databases, despite weaknesses that it has known about for years" and "subsequently failed to timely protect confidential information of its current and former employees from law-breaking hackers," according to the complaint filed late Monday by the Seattle law firm, Keller Rohrback.
Hackers began releasing sensitive data after the studio's security breach became public on Nov. 24. The group, calling itself Guardians of Peace, has released data including thousands of pages of emails from studio chiefs, salaries of top executives, and Social Security numbers of 47,000 current and former employees.
There has also been a series of bombshell emails released from top executives, including thousands of emails from the studio's co-chairman, Amy Pascal. Some have included exchanges with producer Scott Rudin over whether President Obama prefers black-themed films such as "The Butler." Pascal and Rudin have apologized for their remarks.
The breach is expected to cost Sony Pictures tens of millions of dollars as the company rebuilds its computer network, conducts a forensic investigation of the attack and deals with the legal fallout.
The hackers have demanded that Sony cancel the Dec. 25 release of "The Interview," a comedy depicting a fictional assassination attempt on North Korean leader Kim Jung Un. The FBI is investigating the hack, which is suspected to have been orchestrated by North Korea.
At an all-hands meeting on Monday, Sony's chief executive and chairman, Michael Lynton, told employees: "This won't take us down. You should not be worried about the future of this studio."
The email was written in broken English. It asked employees to sign a statement disassociating themselves with Sony. "If you don't, not only you but your family will be in danger," the message said.
In the first lawsuit filed against Sony over the breach, the plaintiffs claim that the studio had a duty to be more vigilant in safeguarding the personal information of its current and past employees, including their medical information. In California, companies have a strict legal obligation to protect workers' medical information.
"We have reason to believe that medical information has been released," Cari Laufenberg, a partner with Keller Rohrback, said in a brief interview with the Los Angeles Times.
Some news reports have mentioned the release of medical details about some Sony employees and their family members.
The suit also says that while Sony has notified current employees about the breach, it has not done an adequate job notifying former employees who might have also been victimized in the attack.
Sony declined to comment on the lawsuit.
The complaint called the breach "an epic nightmare, much better suited to a cinematic thriller than real life."
"Put simply, Sony knew about the risks it took with its past and current employees' data," the suit said. "Sony gambled, and its employees — past and current — lost."
Sony has been the victim of previous data breaches, but the company made a business decision to continue to operate without dramatically improving its computer security, the suit contends.
The complaint suggests that the hackers might have infiltrated the system about a year ago, though did not pinpoint when the breach occurred.
"There are thousands of people who have been affected by this," Laufenberg said.
The attorneys have asked for a jury trial.
Staff writer Ryan Faughnder contributed to this report.