Let’s recap: In November 2014, a hacking group known as the Guardians of the Peace, widely assumed to be based in North Korea, attacked Sony Pictures to devastating effect. The entire company was, for lack of a better word, pwned. Internal emails got out, the salaries for the top brass, the entire accounting structure of the firm, copies of upcoming films, and of course, boatloads of personally identifying information (PII) that hackers could use to open fake lines of credit in the name of their victims.
Legal scientists are now able to put an accurate price tag on the cost of getting hacked by North Korea. That price is $8 million, part of a settlement reached between Sony Pictures Entertainment and employees whose personal information was exposed during last year’s embarrassment. Of this sum, $2.5 million goes to individual workers to compensate for all that identity theft. Each affected individual may claim up to $10,000. An additional $2 million goes to the cost of credit monitoring, at a cost of $1000 per person. The rest of that money, up to $3.5 million, goes to the lawyers.
If you aren’t an information security expert, this number might seem a bit… low, given all the pain and frustration involved. But compared to other, even larger breaches, the Sony victims are actually getting a pretty good deal.
Consider the fallout of a different hack—Target’s 2013 breach. The victims of this breach were affected badly, in that they had their names and credit card numbers stolen. Also, there were more than 100 million affected customers, as opposed to a maximum of 45,000 victims in the Sony hack. However, in a class action lawsuit from earlier this year, the Target victims only got $2 million more than the Sony victims. Furthermore, the Target victims will be able to claim a maximum of $10,000 in damages, as in the Sony case, but most victims won’t be able to claim anything. This is due to an extremely high burden of proof.
So, the victims of the Sony breach are actually getting a pretty good deal. Due to the higher visibility of the attack, and the comparative ease of proving that they were victimized, they actually have a chance of collecting the $10,000 that they’ve been allocated. However, when you look at the amount of hardship these people have gone through, including personal threats from the hackers themselves, $10,000 does start to seem a little low. It does make you wonder how much those lawyers did to earn those expensive fees they’re collecting.
[Post image via Shutterstock]