Settlement in Sony Pictures hacking case gets judge’s OK

The entrance to the Sony Pictures Entertainment studio lot in Culver City on Dec. 18, 2014.

The entrance to the Sony Pictures Entertainment studio lot in Culver City on Dec. 18, 2014.

(Damian Dovarganes / Associated Press)

A judge approved a multimillion-dollar settlement Wednesday in a class-action lawsuit filed by former Sony Pictures Entertainment employees whose private information was stolen in a massive data breach.

The U.S. government blamed the 2014 hack on North Korea, calling it an attempt to derail the release of the North Korean-focused comedy “The Interview.”

U.S. District Judge R. Gary Klausner approved the agreement that gives about 437,000 people affected by the breach identity theft protection from the time of the hack through 2017.

Under the deal, Culver City-based Sony agreed to provide the identity theft protection -- as well as an optional service that will cover up to $1 million in losses -- and create a fund to cover any additional losses.

An exact figure for the settlement is not yet available, because a deadline for workers to sign up for credit protection and reimbursement has not yet passed.


Klausner noted that three years of free credit monitoring exceeds the benefit given in many data breach cases.

To date, Sony has committed $7 million to notify people affected by the breach and to establish a fund to reimburse them for uncovered identity theft losses.

That figure doesn’t account for millions of dollars Sony has committed to pay for credit monitoring services and for plaintiffs’ attorney fees.

So far, 18,000 people have signed up for the optional service, which retails for $350. Sony will pay far less for the service, attorneys said Wednesday.

Klausner will determine how much plaintiffs’ attorneys will be paid at a later date.

Highly sensitive personal information about current and former Sony Entertainment employees was stolen and posted online in the 2014 hack.

Hackers calling themselves Guardians of Peace broke into company computers and released thousands of emails and documents as well as sensitive personal information.