IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Sony Pictures hack: Ex-employees to be paid up to $8m in damages

Sony agrees pay-outs for employees whose detailed were leaked by hackers

Sony Pictures movie studio hacked on 24 November 2014 by group known as #GOP or Guardians of Peace, who threatened to leak sensitive company data. Several future film releases are published online in the wake of the hack, along with social security details, salary information, contact numbers and the addresses of a number of celebrities. Hackers demanded Sony pull the release of the forthcoming Seth Rogen comedy The Interview, which centres on an assassination attempt on North Korean leader Kim-Jong Un.  GOP refers to to 9/11 Twin Towers attack in their threat, prompting cinemas to cancel movie premiere and thousands of showings. Sony cancelled the planned Christmas Day US release of the film, but later relented.  North Korea cited as source of the attack, but denies it's to blame. However, says it could be the work of those sympathetic to its cause. Sony has threatened to sue Twitter if it does not suspend users who share stolen data. Sony agree to pay up to $8 million to employees whose personal data was lost due to the hack.

Sony Pictures has agreed to pay employees affected by last year's hacking scandal up to $8 million, after staff said they had suffered 'economic harm' when their data was stolen.

As reported by BBC News, the breach was described as an "epic nightmare" by former employees who filed a lawsuit against Sony citing negligence and claiming they had needed to spend money on credit monitoring following the hacks.

The hacks were most likely carried out using the Apple IDs of employees, according to security experts.

The $8 million settlement still has to be approved by a judge at the US District Court in Los Angeles, with an estimated $3.5 million allotted for each person's legal fees alone.

Speaking at a technology conference in California, Sony chief executive Kazuo Hirai said: "I think that there was not that much impact from a business perspective. There was an impact for a very short time on the morale of the employees, but I think they have come around.

"We did learn some lessons with becoming more robust in terms of security, and we have done that. We have come out being a stronger and more resilient business."

Hackers used spear phishing to target employees with high-level access to the studio's network, Stuart McClure, founder and CEO of Cylance, and formerly the CTO of McAfee, claims.

His conclusions are based on an analysis of the malware used in the attack and the files the hackers made available on the internet.

These emails sent by the hackers appeared to be from Apple, asking employees to verify their credentials because unauthorised activity had been detected on their accounts.

When a target clicked the link to reset their account, the employees were redirected to an official-looking account verification page.

In an interview with Politico, McClure said: "We started to realise that there was constant email around Apple ID email verification, and it was in a number of inboxes. It was clear to us that this was the likely scenario.

"There were multiple attempts at spear phishing from the Oct. 3 to Nov. 3 timeline that were getting incredibly more sophisticated as they went on."

When the hackers received the verification details, they were able to guess internal passwords used by the employees for their internal communications.

In some cases, the account verification screen requested that targets used their alternative email credentials to verify their account, which the criminals hoped would be their Sony account details.

"A number of these users whose credentials had been captured and then hard-coded into the malware were folks who had significant access to the network," McClure concluded.

The news comes as Sony Pictures co-chair Amy Pascal prepares to launch her own production company, funded by Sony for at least four years as part of a severance deal.

Sony lost 10 terabytes of data to hackers in November 2014, including sensitive executive emails, entire feature films and personnel files.

Among the leaked information was a series of emails exchanged between Pascal and film producer Scott Rudin, which contained derogatory assertions about President Obama's favourite films and movie stars.

Both parties apologised after details of the emails first came to light in December

Is North Korea to blame?

US has blamed North Korea for the Sony Pictures hack because the NSA witnessed the first attack emanate from the country's computer systems, it is claimed.

The spy agency installed an "early warning radar" on North Korean hackers' IT systems back in 2010, as it grew concerned over the country's increasing cyber credentials, the New York Times reports.

Citing anonymous sources, the publication added that this sneak software monitored North Korea's cybercrime movements, and led directly to President Barack Obama accusing the country of ordering the Sony hack, initiating a "proportional" response from the US.

The hack later led Sony to cancel the cinema release of Seth Rogen comedy The Interview, about two journalists hired to assassinate North Korea leader Kim Jong-un, before later changing its mind.

The claims are supported by a leaked NSA document cited by Der Spiegel.

The NY Times report suggests the NSA saw the attack come from North Korean hackers targeting Sony, but the agency failed to warn the film studio because it did not recognise the significance of the first spear-phishing malware.

The news today comes after commentators voiced scepticism over US claims the hack originated in North Korea.

Initially the hackers made no demands about pulling the release of The Interview, and instead wanted "monetary compensation".

The hackers only mentioned The Interview when it had already been linked to the attack by the media.

Cyber security expert Graham Cluley wrote in a blog post in January: "If the claims are true, it would certainly help explain why the White House so quickly and definitively blamed North Korea for the attack even in the apparent absence of convincing evidence.

"But it doesn't explain why in the earliest communications between the hackers and Sony Pictures, there was no mention of "The Interview" and the hackers' demands were not for a movie to be withdrawn, but for Sony Pictures to stump up a ransom."

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download


AWS’ Amplify Studio is now generally available 

AWS’ Amplify Studio is now generally available 

22 Apr 2022
TSMC founder brands Intel’s US expansion plans an ‘exercise in futility’

TSMC founder brands Intel’s US expansion plans an ‘exercise in futility’

22 Apr 2022
Google to invest $9.5 billion in US offices and data centres this year
data centres

Google to invest $9.5 billion in US offices and data centres this year

13 Apr 2022
Microsoft allegedly fired whistleblower for exposing company corruption
Policy & legislation

Microsoft allegedly fired whistleblower for exposing company corruption

28 Mar 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022