Sony left confidental data vulnerable: Lawyer

Sony Pictures Entertainment knew its film "The Interview" could prompt a cyberattack as early as June and failed to implement proper security measures to protect employee information, a lawyer representing ex-Sony workers in a lawsuit against the company said on Monday.

After Sony was hacked, former employees also received little guidance from company leadership on what information had been leaked and how to respond, lawyer Matthew George of Girard Gibbs argued.

"Former employees that we've been in touch with have expressed a lot of concern about getting information from the company about how to respond to this," George told CNBC's "Squawk on the Street."

A sign outside Sony Pictures Entertainment in Culver City, Calif.
Mario Anzuoni | Reuters
A sign outside Sony Pictures Entertainment in Culver City, Calif.

Sony now faces several class-action lawsuits stemming from last month's hack of its computer systems. Former employees have alleged that the company failed to protect confidential data and lacked transparency when describing the scope of the breach.

Read MoreThe Sony hack and Kim Jong Un's cyberallies

The cyberattack, launched in retaliation to a Sony comedy that features reporters attempting to assassinate North Korean leader Kim Jong Un, led to the release of thousands of company emails and files. U.S. officials said last week that North Korea was behind the attack.

Sony Pictures CEO Michael Lynton recently told CNN that the FBI determined the malware behind the breach would have infiltrated 90 percent of companies. He continues to maintain that Sony had placed protections on its data.

"We had absolutely sufficient cybersecurity," Lynton said.

Read MoreSony: Let's be clear—'The Interview' isn't over

George argued that Sony showed negligence in placing safeguards on employee information. He noted cases in which sensitive information like health-care data and Social Security numbers were put into spreadsheets with no password protection.

"I think we're going to have to examine all those levels to see if Sony's claims that cybersecurity was top notch is true," George said.

Plaintiffs in the cases seek compensation for damages caused by the data breach and protections like credit monitoring and identity theft insurance.

Sony did not immediately respond to a request for comment from CNBC.