This might be a very naive suggestion (I know nothing about the subject) but couldn't you just take two copies, XOR them and blank out the difference to defeat such signatures?
We're talking about images, so if you take the pixels for example they're just {0,...,255}^n, integers.
You can if you have the original file, but then what's the point?
Otherwise, take image a=original+f1, image b=original+f2. Then if you e.g. average them you still have c=original+f1/2+f2/2 -- so both signatures are kept (theoretically if either you have a large number of sources you could average the signals out of existence, or perhaps the system isn't robust and can't detect multiple sigs). This assumes the introduced signatures are indistinguishable from the source (quite reasonable).
Even if that worked (maybe it does, I don't know) you'd still have the very major obstacle of getting two potential leakers (from presumably separate publications) to find each other and collude without getting caught.
I think that could be avoided by making sure that large parts of the signatures overlap. There's probably some scheme to be able to recover which copies were used to make the leaked copy (up to some finite number of copies, but it quickly becomes impractical to get enough copies).
Over 4 separate files, depending on how they encode the IDs, you might still find out who the leakers are. They might share some bits and not others. The studio can take its time if it has a serious leaking issue.
