Home / / Employee data leaked as Sony struggles to restore systems

Employee data leaked as Sony struggles to restore systems

Ransomware saga enters second week; still no confirmation as to culprit

Employee data leaked as Sony struggles to restore systems
Sony Pictures is responsible for movies such as the Amazing Spider-Man series.

US-based Sony Pictures Entertainment was still trying to bring parts of its network back online yesterday as it entered day eight of a sustained ransomware outage, while reports surfaced of leaked social security numbers and salary details.

Sony movies that have yet to be released turned up on torrent sites in recent days and, according to fusion.net, a trove of company data, including more than 6000 employees’ personal information, was dumped on underground repository pastebin.

Sony Pictures, responsible for movies such as the Amazing Spider-Man series, involved the FBI and FireEye’s forensics unit, Mandiant. The FBI has since revealed that some of the software bore hallmarks of Korean origin, but all parties have remained tight-lipped on the responsible party.

According to several reports, which cite unnamed insiders, the prime suspect in the attack, which reportedly had employees working with pen and paper for several days, is a North Korea-backed group.

In June, the Pyongyang government sent a letter of protest to UN secretary-general Ban Ki Moon regarding a Sony Pictures movie. The film, titled “The Interview”, tells the story of a journalist and his producer who, having been granted a rare interview with North Korean leader Kim Jong Un, are recruited by the CIA to assassinate him. The letter denounced the movie as "undisguised sponsoring of terrorism, as well as an act of war".

The attack on Sony Pictures carried a warning from a collective called #GOP, which according to the LA Times stands for Guardians of Peace. The group threatened the release of “secrets” if its demands were not met, but for now it is not certain whether the demands had to do with “The Interview”.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.