Hacked Sony data included personal info of stars, employees

It would have probably been just a wee bit of OK if the recent hacking incident at Sony only involved unreleased movies, secret trailers, or even overpriced budgets. But alas, the invasion is far more widespread and far more personal. The latest word is that included in the hacked data, which is now freely floating on the Internet, includes information on more than 47,000 current and former employees, as well as Hollywood stars. And that data unfortunately include Social Security Numbers and addresses.

This latest scandal perhaps overshadows the recent debacle surrounding Apple's iCloud service and compromising shots of certain actresses, because it involved not just big names but even Sony's regular employees. And the information gathered is far-reaching both in scope and time, with data on employees that go as far back as 2000 and even one in 1955. The NSA would probably be jealous. But it is no laughing matter, especially considering how employee and studio information was actually stored on Sony's computers.

Microsoft Excel files without password protection. Plain files containing passwords conspicuously named "Passwords". This are just some of the security practices employed at Sony, which will probably make you feel less sorry for the company. To be fair, there hasn't been much emphasis on corporate security pre-Snowden, at least none that we know of, but some anonymous employees have hinted that Sony was especially lax in this department. And it definitely wasn't ignorant. Some have allegedly reported such poor security practices to Sony's Information Security team, made up of only 11 people, out of a roster of 7,000, in three layers of bureaucracy. Now we all know what happened, or rather didn't happen, to those reports.

North Korea is being painted as the villain in this story. The secretive regime expressed ire over references made to their leader, Kim Jong-Un. Would that necessitate retaliation of this kind? North Korea is definitely not admitting to it, but security analysts have pointed out similarities in the Sony hacks with attacks made against South Korea, without explicitly naming the North, of course.

For its part, Sony promises to give a year's worth of free credit monitoring and fraud protection to employees affected by the incident, which could be quite a lot, considering the scope. Some former employees claim that Sony has not contacted them about the incident and have made no such offer, implying it could be limited only to current employees. Others think that only a year of protection might not be enough, especially since their identities will last forever on the Internet.

SOURCE: Wall Street Journal, Fusion