Sony has agreed to pay up to $8m over employees’ personal data lost in the 2014 hacking scandal surrounding the release of The Interview.
Hackers had broken into the company’s computers and released thousands of items of personal information in an attempt to derail the release of the North Korea-themed comedy.
The employees argued they suffered economic harm from the stolen data.
US investigators have blamed North Korean hackers for the attack.
The cyber attack wiped out massive amounts of data and led to the online distribution of emails, personal and sensitive employee data as well as pirated copies of new movies.
The lawsuit against Sony was filed by former employees claiming the company’s negligence caused them economic harm by forcing them to step up credit monitoring to address their increased risk of identity theft. They described the data breach as an “epic nightmare.”
The movie depicted the fictional assassination of North Korean leader Kim Jong Un.
The cyber-attack drew widespread international attention and Sony subsequently stopped the movie’s general release.
A unknown group calling itself #GOP – later identified as Guardians of Peace – claimed it was behind the attack, prompting the FBI to launch an investigation.
North Korea dismissed any suggestion it may have had a hand in the attack as a form of retaliation for Sony’s release of The Interview. A North Korean foreign ministry spokesman had earlier called the movie an “act of terrorism”, promising “merciless” retaliation if it was released.
The movie eventually received a much smaller release and was offered through legal digital downloads.
The settlement with a US District Court in Los Angeles still needs to be approved by a judge but it sees Sony paying pay up to $8m to reimburse current and former employees for losses, preventative measures and legal fees related to the hack of its computers last year.
Under the agreement, the company will pay up to $10,000 a person, capped at $2.5m, to reimburse workers for identity theft losses, up to $1,000 each to cover the cost of credit-fraud protection services, capped at $2m, and up to $3.5m to cover legal fees.
Sony Entertainment chief executive Michael Lynton called the agreement “an important, positive step forward in putting the cyber-attack firmly behind us”.
“I think that there was not that much impact from a business perspective,” Sony chief executive Kazuo Hirai said, speaking at a technology conference in California.
“There was impact for a very short time on the morale of the employees, but I think they have come around. We did learn some lessons with becoming more robust in terms of security, and we have done that. We have come out being a stronger and more resilient business.”
The court had dismissed Sony’s initial attempt to stops the court case, confirming that the employees could pursue their claims that Sony was negligent and violated a California confidentiality law.