The top executives at Sony Pictures Entertainment have confirmed that a “brazen” cyber attack on the Hollywood studio using a rare data-wiping virus has resulted in the theft of a large amount of confidential data, including personnel information and business documents.
Cyber attackers identifying themselves as “Guardians of Peace” launched the hack Nov. 24, bringing down Sony’s computer system. Experts believe it is the first major attack on a U.S. company to use a highly destructive class of malicious software that is designed to make computer networks unable to operate, reports Reuters.
Since the attack, internal Sony documents apparently stolen by the hackers and at least five new films produced by the studio have been posted online. On Monday, an editor for the cable channel Fusion said he received a spreadsheet from an anonymous e-mailer containing the salaries of more than 6,000 Sony employees, including the company’s top executives.
In a memo to Sony employees, studio co-chiefs Michael Lynton and Amy Pascal said it was now apparent that a large amount of confidential data had been stolen as a result of “a brazen attack on our company, our employees and our business partners.”
“This theft of Sony materials and the release of employee and other information are malicious criminal acts, and we are working closely with law enforcement,” they said, asking staff members to assume “information about you in the possession of the company” had been compromised and offering all employees identity protection services.
The hack only affected computers with Microsoft’s Windows software. Sony shut down its internal computer network last week to prevent the virus from causing further damage, forcing employees to use paper and pen.
Daniel Clemens, chief executive of cyber security firm PacketNinjas, said he has reviewed the files released to date and found business contracts as well as Social Security numbers, salary information and medical data about employees. “This is a horrible compromise,” he told Reuters.
An FBI cyberthreat alert sent to U.S. businesses on Monday did not specifically mention the Sony hack but described malware that overrides data on the hard drives of infected computers, and can be costly if not impossible to fix.