Kevin Roose reports:
Yesterday, I reported on a spreadsheet apparently taken from Sony Pictures Entertainment, one of the largest and most powerful studios in Hollywood, by a group of hackers calling themselves Guardians of Peace. The document, which listed the names, titles, and salaries of more than 6,000 Sony Pictures employees including senior executives (and may have revealed a gender pay discrepancy), appears to be part of an enormous data breach that hit the studio last week, forcing them to shutter computer systems, move employees to paper and pencils, and call in the FBI and private security researchers to investigate the hack.
[…]
Here are just a few of the revelations I found in the leaked archives – most in normal, unencrypted Excel and Word files, labeled as plain as day:
A spreadsheet listing the names, birth dates, and social security numbers of 3,803 Sony Pictures employees, including all of the company’s top executives. (Happy birthday, Wendy!)
A spreadsheet listing the division-by-division Sony Pictures payroll, as well as breaking down costs for raises and other pay changes. (The company’s total salaries, as of May, were listed at $454,224,070.)
A spreadsheet listing Sony Pictures employees who were fired or laid off in 2014 as part of the company’s reorganization, along with the reasons for their termination. Also on this spreadsheet: estimates of “TOTAL COST TO SEVER,” or the amount Sony Pictures calculated it had to pay to terminate each person’s employment, including severance pay, COBRA health benefits, and outplacement costs.
Read more on Fusion.
Today, the Hollywood Reporter reports:
Sony Pictures Entertainment chiefs Michael Lynton and Amy Pascal have released a memo to staff addressing a recent hack against the company. The memo, which was sent to all of Sony’s approximately 6,600 employees, is an apparent admission that information leaked online this week is accurate.
Acknowledging that “a large amount of confidential Sony Pictures Entertainment data has been stolen by the cyber attackers, including personnel information,” Lynton and Pascal sent a message to the company’s employees reassuring them that “the privacy and security of our employees are of real concern to us” and offering them identity protection services.
Read more on Yahoo!
Once again, it seems, Sony is playing catch-up in communications. Given recent revelations by Brian Krebs and Kevin Roose, it needs to get its PR team in high gear to issue a press release that confirms what it already knows.