Salary data and addresses of past and present employees revealed
When Hollywood studio Sony Pictures was hacked in November, it wasn’t just future film releases that were leaked. Further examination of the leaked documents revealed that they included staff salary data and internal communications, including gripes about the employer’s management of top stars.
More than 47,000 social security numbers of past and present employees were stolen. And an analysis of 33,000 stolen documents, by information security software company Identity Finder, found they included personal information, salaries and home addresses of workers and freelancers.
Identity Finder chief executive Todd Feinman told technology website Cnet that they had found staff contracts, termination dates, reasons for termination, and other private information on file sharing sites. While the majority of the documents were on Microsoft Excel files that were not password protected.
Security breaches involving the removal of sensitive employee data have hit other large employers including Morrisons, and US firm Target.
"This is a common theme of corporations today. They think they are protected by firewalls and perimeter security, but the border is becoming blurred, and attacks get through," Feinman told Cnet:
A number of Sony employees have also received threatening emails following the hack. The FBI said: "We continue to investigate this matter in order to identify the person or group responsible for the recent attack on the Sony Pictures network, Recent events underscore the persistence and maliciousness of harmful cyber criminals, and the FBI will continue to identify and apprehend those who pose a threat in cyberspace."
A Sony Pictures statement said: “We are aware of the situation and are working with law enforcement.”
There is some debate about who is behind the security breach, with some commentators pointing to North Korea because the studio was working on a film that mocked leader Kim Jong-Un. However, the country has not admitted responsibility.