A US district court has approved a multimillion dollar settlement deal in a lawsuit brought by Sony Pictures employees, for damages they suffered as a result of the massive hack attack on the company in 2014 that leaked troves of sensitive data.
US District Judge R. Gary Klausner ruled in favor of the agreement that obliges Sony to provide some 437,000 victims of the leak with protection against identity theft and a free credit monitoring service for the period from 2014 to 2017.
Since the launch of the service, 18,000 people were reported to have signed up to it.
So far, the exact amount of money Sony will have to pay out to comply with the judge’s orders cannot be given as the deadline for employees qualified for reimbursement or the free credit protection service has not yet expired.
Sony has already spent about $7 million on notifying the victims of the identity theft and establishing a fund that would cover losses inflicted as a result of the theft. This sum doesn’t include plaintiffs’ legal counsel fees, which are yet to be determined by the judge, as well as charges Sony has to pay for the free credit monitoring service.
The company has also committed to set up a fund to indemnify any extra losses. The hack on Sony Pictures’ database in 2014, ahead of the planned release of controversial satirical movie ‘The Interview’, which depicts North Korean leader Kim Jong-un in an unfavorable light and includes a scene of his assassination, was blamed on Pyongyang.
“Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korea actors previously developed,” the FBI said in a statement at the time.
Although North Korea vehemently denied any connection to the attack and even offered to conduct a joint investigation into the hack, the White House suggested Pyongyang must admit culpability and pay for the damages.
US President Barack Obama also backed Sony while criticizing its decision to cancel the release of the movie, and called on lawmakers to step up cybersecurity legislation.