Sony Pictures Entertainment has failed in an attempt to dismiss a legal action brought by nine ex-employees over the cyber hack that crippled the studio.
A US judge said the plaintiffs could pursue claims that the film unit of the Sony corporation had been negligent.
The plaintiffs are seeking to hold Sony liable for not bolstering security after previous breaches.
"We are pleased that the court has properly recognised the harm to Sony's employees," said lawyer Michael Sobol.
Many Sony employees had their personal details made public in 2014 when a group calling itself Guardians of Peace leaked data from the studio's computers.
The attack was described as an act of revenge motivated by Sony's release of The Interview, a comedy about an assassination attempt on North Korea's leader.
The nine plaintiffs claim Sony Pictures Entertainment violated a California confidentiality law by spurning security measures to stop the theft of employees' salary and health data, Social Security numbers and other sensitive information.
Without ruling on their action's merits, US District Judge Gary Klausner said Sony had created a "special relationship" with its employees by requiring them to provide personal information to be eligible for salaries and benefits.
The former workers said Sony's negligence caused them economic harm and that the hack had been "an epic nightmare, much better suited to a cinematic thriller than to real life".
The Interview, starring James Franco and Seth Rogen as journalists recruited by the CIA to assassinate Kim Jong-un, was initially withdrawn from cinemas but was later made available online.