IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Sony Pictures hack: Ex-employees to be paid up to $8m in damages

Sony agrees pay-outs for employees whose detailed were leaked by hackers

Sony hack: The story so far News of the Sony Pictures hack first emerged on Monday 24 November, after hackers seized control of its computer systems while threatening to release sensitive data about the firm, forcing it to shut up shop. The FBI was also called in around this point to investigate the breach.

Deadline claims the firm's staff were greeted by an onscreen message, after switching on their machines, telling them their computers had been compromised.

The hackers made good on their promise to leak further damaging information about the company and its staff by dumping documents containing thousands of passwords and celebrity social security numbers on torrent sites shortly after.

There are reportedly 139 Word documents, Excel spreadsheets, ZIP files and PDFs contained in the most recent haul that feature passwords belonging to the company's internal networks, social media, news subscriptions and online shopping accounts, reports Buzzfeed.

Many of the social accounts are linked to old Sony Pictures films, including Ghostbusters, The Social Network and Easy A, and have relatively easy-to-crack passwords.

Meanwhile, the Wall Street Journal reports that more than 47,000 social security numbers belonging to a slew of celebrities, including action hero Sylvester Stallone, film director Judd Apatow and Pitch Perfect star Rebel Wilson.

These details came to light following an investigation by infosecurity firm Identity Finder, who analysed 33,000 documents that have circulated in the wake of the breach, which contained salary information and the home addresses of people who have previously worked for the company.

A slew of the company's films have also appeared on pirated film sites in the wake of last month's hack, including the studio's remake of Annie, World War 2 drama Fury and Mr. Turner.

The perpetrators know as #GOP - previously warned the attack was just the beginning and their actions will continue until some unspecified demands are met.

If this doesn't happen, the group threatened to release some of the company's data, prompting speculation the premature release of these films is related to this threat.

"We already warned you, and this is just a beginning. We continue till our request be met (sic)," the onscreen message posted by the hackers said.

"We've obtained all of your internal data including your secrets and top secrets. If you don't obey is, we'll release the data...to the world."

The film studio has been effectively held to ransom by #GOP, with staff being warned not to login to company networks or email systems until further notice.

Resolving the attack

Another report on US entertainment site Variety claims the company's staff have been told the problem could take anywhere between a day to three weeks to sort out, and - in the meantime - all staff must disable Wi-FI corporate devices and leave their computers switched off.

Initially, Sony declined to confirm a hack has taken place, and simply stated it was "investigating an IT matter." However, in recent days, it has described the incident and the subsequent release of the films and documents as "malicious criminal acts."

Furthermore, the company has also offered past and present employees one year of free fraud protection to help protect them from the fallout from the breach.

While the attack is not thought to have affected other parts of Sony's business, it is certainly not the first time the company's business units have found themselves under attack from hackers.

The firm's Playstation Network was knocked offline earlier this year by a Distributed Denial of Service attack, while an earlier hack on the gaming platform in 2011 resulted in the firm being hit with a 250,000 fine by the UK Information Commissioner's Office (ICO).

This story was initially published on 25/11/14, but has been subsequently updated (most recently on 21/10/15) to reflect details of the data leaks, the suspected source of the attack, the cancelled release date and the claims the NSA had access to North Korean hackers' IT systems.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Carnival hit with $5 million fine over cyber security violations
cyber security

Carnival hit with $5 million fine over cyber security violations

27 Jun 2022
AWS’ Amplify Studio is now generally available 
Development

AWS’ Amplify Studio is now generally available 

22 Apr 2022

Most Popular

Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022