Sony Hack Settlement Gets Judge's Preliminary Approval

A federal judge has also conditionally certified the class action alleging Sony was negligent in its handling of personal information.
Courtesy of Sony Pictures Entertainment

About a year from the day when a massive hack of Sony Pictures became public, a federal judge has granted a motion for preliminary approval of the company's settlement with its former employees.

The deal is worth somewhere between $5.5 million to $8 million — with plenty of caveats. An estimated 435,000 persons will be eligible to draw from a $2 million cash fund for preventive measures taken to protect against identity theft. Sony has also agreed to provide identity protection services through AllClear ID for the next two years and pick up the tab for a further $2.5 million for class members who are able to show unreimbursed loss from identity theft attributable to the Sony Pictures cyberattack.

The big winners are the plaintiffs' attorneys, who are due to get almost $3.5 million for a few months of work.

In order to preliminarily approve the settlement, U.S. District Judge R. Gary Klausner needed to also grant conditional class certification.

Before the settlement was made, Sony challenged whether there was any way to prove on a class basis, through generalized evidence, that injuries were the result of a hack attributed to North Korea rather than the exposure of personal information from hacks upon other companies including Dropbox, Home Depot or Target.

Klausner glides past that objection to find that the plaintiffs have sufficiently shown commonality and typicality with regards to questions of law, fact, claims and defenses.

"Here, common questions pertain to SPE’s alleged negligent conduct, and uniformly apply to Plaintiffs and all Class Members," he writes. "Therefore, the resolution of the issues in this case would apply to all Class Members, and class action is a superior vehicle for the resolution of these issues."

The judge then nods to the factors including the strength of the case and the risk and expense of litigating it to find that preliminary approval is merited. The plaintiffs' attorneys will have to submit a separate application for approval of their attorneys' fees.

Klausner will still need to grant final approval, and the settlement could be subject to a fairness hearing. Even if the multimillion dollar deal ultimately gets a judicial nod, some former employees could opt out. On Tuesday, for instance,  former Sony vice president Amy Heller filed a new lawsuit against Sony alleging that that the hack caused the leak of information — including an allegation that she stole a $90 ergonomic mouse upon leaving the company — that may cause her difficulty in finding a new job. Presumably, since she filed the lawsuit after the settlement, she'll be opting out to pursue her negligence claim against Sony.

Since the settlement was first announced, there's been one substantive change. The deal now not only covers those who worked at Sony Pictures, but also anyone who worked at the studio's subsidiaries, which basically means that it will be covering a much wider swath of those impacted by the data breach. It's for this reason that the deal is now being estimated by Sony to cover 435,000 persons instead of the several thousand estimated by plaintiffs.  Of course, if all these people submit preventive measure claims, the $2 million won't go very far in terms of reimbursement.

comments powered by Disqus