Data Breach Class Action Against Sony Survives Motion To Dismiss
The U.S. District Court in Los Angeles granted a partial motion to dismiss a data breach class action suit against Sony Pictures Entertainment after the breach of sensitive and personal information of at least 15,000 former and current Sony employees, said a post Tuesday on the Hunton & Williams’ privacy and information security law blog. The class action against Sony alleged negligence, breach of implied contract, violation of the California Customer Records Act, violation of the California Confidentiality of Medical Information Act, violation of the Unfair Competition Law, declaratory judgment, violation of Virginia Code 18.2‑186.6, and violation of Colorado Revised Statutes 6-1-716, the post said. “Sony moved to dismiss for lack of Article III standing under Rule 12(b)(1) and failure to state a claim under Rule 12(b)(6),” it said. Sony’s challenge against Rule 12(b)(1) was rejected, as the court said the “personally identifiable information (PII) was stolen and posted on file-sharing websites for identity thieves to download, and that the PII was used to send threatening e-mails to employees and their families,” the post said. Challenges to Rule 12(b)(6) were both granted and denied. The plaintiffs' argument that implied contract claim was breached was dismissed, as were the claims the breach violated the California Customer Records Act, and the Virginia and Colorado breach notification claims, the post said. Negligence claims against Sony were granted and the Unfair Competition Law claim also advanced, the post said. Sony had no immediate comment.