Sony Pictures Entertainment will pay up to $8 million to draw a line under a lawsuit filed by employees after it suffered a major destructive cyber attack almost a year ago.
The movie giant claimed in court papers filed in Los Angeles on Monday and seen by Reuters that it would pay up to $2.5m ($10,000 per person) to current and former staff who experienced “unreimbursed losses from identity theft of misuse” following the attack.
It will also shell out up to $2m ($1,000 per person) to reimburse them for “preventative measures” they’ve taken against identity theft following the cyber attack.
Finally, up to $3.49m will be paid to cover legal fees and costs.
Although $8 million is a drop in the ocean to a corporate behemoth like Sony Pictures, the case nevertheless highlights the mounting costs that can accrue from a serious cyber attack.
The firm has already revealed a $15 million bill for remediation and clean-up following the incident, which was one of the most unusual and damaging in many years.
For starters, the FBI blamed the attack on North Korean hacktivists, which it said retaliated against a movie – The Interview – which lampooned leader Kim Jong-un.
Washington was pretty confident what it heard from the agency was true as it levied new sanctions against the totalitarian state soon after.
The attack itself not only forced a network shutdown as it began destroying sensitive internal files, but it was combined with a data stealing operation.
As a result, huge volumes of sensitive data – both on current and former employees and of internal emails about movie projects and stars – were made public.
The fall-out was identity fraud attacks on said employees and a reputation hit for Sony Pictures, whose CEO Amy Pascal stepped down two months later after impolitic emails from her criticizing big name stars.
As if that weren’t enough, the movie itself was pulled from cinemas after anonymous terrorist threats were made to Sony.