Sony Pictures hack: Ex-employees to be paid up to $8m in damages

Sony hack: The story so far News of the Sony Pictures hack first emerged on Monday 24 November, after hackers seized control of its computer systems while threatening to release sensitive data about the firm, forcing it to shut up shop. The FBI was also called in around this point to investigate the breach.

Deadline claims the firm's staff were greeted by an onscreen message, after switching on their machines, telling them their computers had been compromised.

The hackers made good on their promise to leak further damaging information about the company and its staff by dumping documents containing thousands of passwords and celebrity social security numbers on torrent sites shortly after.

There are reportedly 139 Word documents, Excel spreadsheets, ZIP files and PDFs contained in the most recent haul that feature passwords belonging to the company's internal networks, social media, news subscriptions and online shopping accounts, reports Buzzfeed.

Many of the social accounts are linked to old Sony Pictures films, including Ghostbusters, The Social Network and Easy A, and have relatively easy-to-crack passwords.

Meanwhile, the Wall Street Journal reports that more than 47,000 social security numbers belonging to a slew of celebrities, including action hero Sylvester Stallone, film director Judd Apatow and Pitch Perfect star Rebel Wilson.

These details came to light following an investigation by infosecurity firm Identity Finder, who analysed 33,000 documents that have circulated in the wake of the breach, which contained salary information and the home addresses of people who have previously worked for the company.

A slew of the company's films have also appeared on pirated film sites in the wake of last month's hack, including the studio's remake of Annie, World War 2 drama Fury and Mr. Turner.

The perpetrators know as #GOP - previously warned the attack was just the beginning and their actions will continue until some unspecified demands are met.

If this doesn't happen, the group threatened to release some of the company's data, prompting speculation the premature release of these films is related to this threat.

"We already warned you, and this is just a beginning. We continue till our request be met (sic)," the onscreen message posted by the hackers said.

"We've obtained all of your internal data including your secrets and top secrets. If you don't obey is, we'll release the data...to the world."

The film studio has been effectively held to ransom by #GOP, with staff being warned not to login to company networks or email systems until further notice.

Resolving the attack

Another report on US entertainment site Variety claims the company's staff have been told the problem could take anywhere between a day to three weeks to sort out, and - in the meantime - all staff must disable Wi-FI corporate devices and leave their computers switched off.

Initially, Sony declined to confirm a hack has taken place, and simply stated it was "investigating an IT matter." However, in recent days, it has described the incident and the subsequent release of the films and documents as "malicious criminal acts."

Furthermore, the company has also offered past and present employees one year of free fraud protection to help protect them from the fallout from the breach.

While the attack is not thought to have affected other parts of Sony's business, it is certainly not the first time the company's business units have found themselves under attack from hackers.

The firm's Playstation Network was knocked offline earlier this year by a Distributed Denial of Service attack, while an earlier hack on the gaming platform in 2011 resulted in the firm being hit with a 250,000 fine by the UK Information Commissioner's Office (ICO).

This story was initially published on 25/11/14, but has been subsequently updated (most recently on 21/10/15) to reflect details of the data leaks, the suspected source of the attack, the cancelled release date and the claims the NSA had access to North Korean hackers' IT systems.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.