Sony Pictures hack exposed 47,000 SSNs; possibly North Korea-linked

Sony Pictures hack exposed 47,000 SSNs; possibly North Korea-linked

The hack at Sony Pictures Entertainment Inc. revealed far more personal information than previously believed, including the Social Security numbers of more than 47,000 current and former employees along with Hollywood celebrities such as Sylvester Stallone.

An analysis of 33,000 Sony Pictures documents by data-security consulting firm Identity Finder LLC found personal information, including salaries and home addresses, posted online for people who stopped working for Sony Pictures as far back as 2000 and one person who began working there in 1955.

Much of the data analyzed by Identity Finder was stored in Microsoft Excel files without password protection.

The documents, reviewed by The Wall Street Journal, also contain the Social Security numbers or taxpayer-identification numbers of thousands of freelancers, including actors who appeared in movies and television shows produced by the Sony Corp.-owned studio, one of Hollywood’s largest. Among them are Mr. Stallone, “The 40-Year-Old Virgin” director Judd Apatow and Australian actress Rebel Wilson.

The personal data can be found alongside contracts and other sensitive documents in files currently being traded on file-sharing networks such as BitTorrent.

Investigators, including teams from Sony Pictures, the Federal Bureau of Investigation and computer-security firm FireEye Inc., say the hackers used methods similar to ones previously attributed to North Korea. The malware was made on a machine with Korean language settings during Korean peninsula working hours and appears very similar to a tool used last year against South Korea banks and television stations, three people briefed on the investigation said.

Commenting Policy

We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse.

You may use HTML in your comments. Feel free to review the full list of allowed HTML here.