Sony Pictures Entertainment is not getting a break from the security break it experienced last month that resulted in Sony shutting down its computers. In the aftermath of the attack, the hackers, called Guardians of Peace, released a set of documents that included around 47,000 Social Security numbers for actors as well as current and former employees.
The Wall Street Journal reviewed the leaked documents and discovered social security numbers for thousands of freelancers as well as current and former employees. SSNs were also found for Hollywood actors who have appeared in movies and TV shows, produced by Sony, which includes Sylvester Stallone, Judd Apatow, and Rebel Wilson.
Data-security firm Identity Finder LLC also analyzed 33,000 Sony documents and discovered personal data, which includes salaries and home addresses, for people who had stopped working at Sony Pictures all the way back from 2000 and even one person who had started working for the company back in 1955. The information was gleaned from Microsoft Excel files that were posted online by #GOP.
But in addition to the SSNs for actors and employees, Identity Finder discovered more than 1.1 million Social Security numbers though many of them were duplicates since there were multiple copies of the data.
"When you have multiple copies of this data, you are giving hackers multiple opportunities to steal sensitive information when they get through," said Identity Finder CEO Todd Feinman. "If Sony had reduced its sensitive data footprint by reducing the number of copies of data and reducing the number of employees with access to the data, we would have seen zero or only one file."
Despite the leak of such sensitive information, Sony Pictures representatives have not provided any comments on the matter. Meanwhile, Sony is still investigating the nature of the breach, with suspicions being directed at North Korea, and is being assisted by the FBI and FireEye Mandiant.