Sony Pictures hack: Ex-employees to be paid up to $8m in damages

Sony agrees pay-outs for employees whose detailed were leaked by hackers

Sony hack: The story so far News of the Sony Pictures hack first emerged on Monday 24 November, after hackers seized control of its computer systems while threatening to release sensitive data about the firm, forcing it to shut up shop. The FBI was also called in around this point to investigate the breach.

Deadline claims the firm's staff were greeted by an onscreen message, after switching on their machines, telling them their computers had been compromised.

The hackers made good on their promise to leak further damaging information about the company and its staff by dumping documents containing thousands of passwords and celebrity social security numbers on torrent sites shortly after.

There are reportedly 139 Word documents, Excel spreadsheets, ZIP files and PDFs contained in the most recent haul that feature passwords belonging to the company's internal networks, social media, news subscriptions and online shopping accounts, reports Buzzfeed.

Many of the social accounts are linked to old Sony Pictures films, including Ghostbusters, The Social Network and Easy A, and have relatively easy-to-crack passwords.

Meanwhile, the Wall Street Journal reports that more than 47,000 social security numbers belonging to a slew of celebrities, including action hero Sylvester Stallone, film director Judd Apatow and Pitch Perfect star Rebel Wilson.

These details came to light following an investigation by infosecurity firm Identity Finder, who analysed 33,000 documents that have circulated in the wake of the breach, which contained salary information and the home addresses of people who have previously worked for the company.

A slew of the company's films have also appeared on pirated film sites in the wake of last month's hack, including the studio's remake of Annie, World War 2 drama Fury and Mr. Turner.

The perpetrators know as #GOP - previously warned the attack was just the beginning and their actions will continue until some unspecified demands are met.

If this doesn't happen, the group threatened to release some of the company's data, prompting speculation the premature release of these films is related to this threat.

"We already warned you, and this is just a beginning. We continue till our request be met (sic)," the onscreen message posted by the hackers said.

"We've obtained all of your internal data including your secrets and top secrets. If you don't obey is, we'll release the data...to the world."

The film studio has been effectively held to ransom by #GOP, with staff being warned not to login to company networks or email systems until further notice.

Resolving the attack

Another report on US entertainment site Variety claims the company's staff have been told the problem could take anywhere between a day to three weeks to sort out, and - in the meantime - all staff must disable Wi-FI corporate devices and leave their computers switched off.

Initially, Sony declined to confirm a hack has taken place, and simply stated it was "investigating an IT matter." However, in recent days, it has described the incident and the subsequent release of the films and documents as "malicious criminal acts."

Furthermore, the company has also offered past and present employees one year of free fraud protection to help protect them from the fallout from the breach.

While the attack is not thought to have affected other parts of Sony's business, it is certainly not the first time the company's business units have found themselves under attack from hackers.

The firm's Playstation Network was knocked offline earlier this year by a Distributed Denial of Service attack, while an earlier hack on the gaming platform in 2011 resulted in the firm being hit with a 250,000 fine by the UK Information Commissioner's Office (ICO).

This story was initially published on 25/11/14, but has been subsequently updated (most recently on 21/10/15) to reflect details of the data leaks, the suspected source of the attack, the cancelled release date and the claims the NSA had access to North Korean hackers' IT systems.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

US delays 5G rollout over aviation safety concerns
5G

US delays 5G rollout over aviation safety concerns

4 Jan 2022
HPE wins contract for Kestrel supercomputer with US renewable energy lab
high-performance computing (HPC)

HPE wins contract for Kestrel supercomputer with US renewable energy lab

2 Dec 2021
Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Iranian hackers ramp up attacks against IT services sector
hacking

Iranian hackers ramp up attacks against IT services sector

19 Nov 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022
Solving cyber security's diversity problem
Careers & training

Solving cyber security's diversity problem

5 Jan 2022