The breach at Sony Pictures Entertainment may turn out to be far more damaging than the 2011 PlayStation Network attack, following reports that five new films, details of business contracts, and the personal data of thousands of employees have been leaked online.
Much like the PSN hack, Sony initally tried to play down the incident but bosses have now confirmed the attack – thought to have been carried out using a rare data-wiping virus – has resulted in the theft of a large amount of confidential data, including personnel information and business documents.
On Monday, an editor for the cable channel Fusion said he had received a spreadsheet from an anonymous source containing the salaries of more than 6,000 Sony employees, including the company’s top executives. The five films include Brad Pitt World War II movie Fury and the new version of the musical Annie.
The hackers, who have identified themselves as “Guardians of Peace” launched the hack on Novemver 24, bringing down Sony’s computer system. Experts believe it is the first major attack on a US company to use a highly destructive class of malicious software that is designed to make computer networks unable to operate, Reuters said.
In a memo to Sony employees, studio co-chiefs Michael Lynton and Amy Pascal said it was now apparent that a large amount of confidential data had been stolen as a result of “a brazen attack on our company, our employees and our business partners.”
“This theft of Sony materials and the release of employee and other information are malicious criminal acts, and we are working closely with law enforcement,” they said, asking staff members to assume “information about you in the possession of the company” had been compromised and offering all employees identity protection services.
The hack has only affected computers running Microsoft Windows but Sony shut down its internal network last week to prevent the virus from spreading, with staff forced to revert to the rather less technological concept of paper and pen.
In the wake of the 2011 hack attack, in which the personal information of about 77 million PSN users worldwide was compromised, Sony chiefs came under a barrage of criticism for the handling of the issue.
It took Sony over a week to admit there had been a breach and even then it initially refused to take any blame. The company, which was blasted by the EU, the FBI and other US government officials as well as by its millions of customers, was eventually fined £250,000 by the UK Information Commissioner’s Office for breaching UK data protection laws.
Sony calms fears over data threat
Sony defiant despite paying ICO fine
ICO defends ‘paltry’ £250k Sony fine
Sony outage fuels legal battle
Bullish Sony chief risks backlash
New hack as PSN relaunches site
Sony refuses to take blame for hack
Sony: ‘Anonymous’ sparked hack
EU chief sticks the boot into Sony
New Sony breach as FBI probes
PlayStation hack hits credit cards
77m fear fraud in PlayStation hack
To leave a comment please register – it takes less than a minute and is free of charge. You will also get our weekly email update The DM Report (to opt out contact firstname.lastname@example.org). If you are an existing user, please log in. If you have forgotten your log-in details please email email@example.com to get them reset!