Brian Krebs reports:
The recent hacker break-in at Sony Pictures Entertainment appears to have involved the theft of far more than unreleased motion pictures: According to multiple sources, the intruders also stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical and salary information.
Several files being traded on torrent networks seen by this author include an global Sony employee list, a Microsoft Excel file that includes the name, location, employee ID, network username, base salary and date of birth for more than 6,800 individuals.
Read more on KrebsOnSecurity.com
Although Brian mentions “medical” and “healthcare,” the only thing he specifically mentions is health savings plan information, so it’s not clear to me whether there really was any medical info involved. I’ve tweeted a query to Brian about this and will update this post if I get an answer.
UPDATE: Brian added a file tree directory to his post. I’m not linking to it here, but it does appear to refer to named employees who may have filed for medical leaves of absence or were out on worker’s compensation for medical reasons – or were out on disability insurance. How much medical details/diagnoses in the actual files is unknown.