Sony Pictures Entertainment has agreed to pay up to $8 million to resolve a lawsuit by employees who claimed their personal data was stolen in a 2014 hack tied to the studio’s release of “The Interview,” an political satire comedy film about North Korean leader Kim Jong-Un, according to BBC.
Sony will pay up to $2.5 million, or $10,000 per person, to reimburse employees for identity theft losses and up to $2 million, or $1,000 per person, to reimburse them for protective measures they took after the cyberattack. Sony has also agreed to pay up to $3.49 million to cover legal fees and costs, according to court papers.
The company called the agreement “an important, positive step forward in putting the cyber-attack firmly behind us.”
Sony Pictures Entertainment fell victim to a network security breach that defaced staff computers worldwide and stole internal data as well as company-owned Twitter account credentials, as HOTforSecurity reported last November. The hackers, operating under the name “Guardian of the Peace” group, wanted to stop Sony from releasing the controversial movie.
The average consolidated total cost of a data breach has risen 23% since 2013 to $3.8 million, according to Cost of Data Breach, a study of 350 companies from 11 countries released by Ponemon Institute. Data breaches cost most in the US and Germany, with an average total organizational cost of $6.5 million in the US and $4.9 million in Germany. Lost business due to data breaches, the most severe financial consequence, is also costing companies more. The cost rose from a total average of $1.33 million last year to $1.57 million in 2015, including the abnormal turnover of customers, increased customer acquisition activities, reputation loss and diminished goodwill. Growing awareness of identity theft and consumers’ concerns about the security of their personal data following a breach has contributed to the rise, the document shows.