
Kablooie

(18,626 posts)
Fri Dec 19, 2014, 04:07 AM

I just received my notice from Sony Pictures

I worked there several years ago.

Sony Pictures Entertainment ("SPE") is writing to provide you with information about a significant system disruption SPE experienced on Monday, November 24, 2014.

SPE has determined that the cause of the disruption was a brazen cyber attack. After identifying the disruption, SPE took prompt action to contain the cyber attack, engaged recognized security consultants and contacted law enforcement.

SPE learned on December 1, 2014, that the security of personally identifiable information that SPE received about you and/or your dependents during the course of your current or prior employment with SPE potentially may have been compromised as a result of such brazen cyber attack. Although SPE is in the process of investigating the scope of the cyber attack, SPE believes that the following types of personally identifiable information that you provided to SPE may have been obtained by unauthorized individuals: (i) name, (ii) address, (iii) social security number, driver's license number, passport number, and/or other government identifier, (iv) bank account information, (v) credit card information for corporate travel and expense, (vi) username and passwords, (vii) compensation and (viii) other employment related information. In addition, unauthorized individuals may have obtained (ix) HIPAA protected health information, such as name, social security number, claims appeals information you submitted to SPE (including diagnosis), date of birth, home address, and member ID number to the extent that you and/or your dependents participated in SPE health plans, and (x) health/medical information that you provided to SPE outside of SPE health plans.


There's more info about how to protect your personal info and what services they will provide.

MADem

(135,425 posts)
1. They knew no one would be working very hard on Thanksgiving week, I guess.
Fri Dec 19, 2014, 04:12 AM

Detection is less likely when you're down to skeleton crews.

 

Rex

(65,616 posts)
2. Holy shit, they got everything! Does Sony not have an IT/ISM team?
Fri Dec 19, 2014, 04:20 AM

Did they have all day to hack into Sony!? Geezus.

Kablooie

(18,626 posts)
3. They invaded the system months ago and have been downloading data since then.
Fri Dec 19, 2014, 04:25 AM

Sheldon Adelson's casinos were hacked a while ago also but they kept it secret.
They had 5 IT guys to handle 25,000 computers.

 

Rex

(65,616 posts)
4. Wow. I don't know what is worse about your reply.
Fri Dec 19, 2014, 04:31 AM

That they've been hacking for months or that Sony hired 5 guys to monitor 25k computers. When you say 5 guys, do you mean five managers that have their own NOC to run or just five individuals?

Kablooie

(18,626 posts)
5. The 5 guys were Adelson's casino IT, not Sony.
Fri Dec 19, 2014, 04:36 AM

Sony had a full IT department but I remember when I worked there I had access to a lot of the company servers. I sometimes wandered around to different department directories out of curiosity.
Where I work now I only have access to the servers for the project I'm working on.

 

Rex

(65,616 posts)
6. Oh okay sorry got lost there.
Fri Dec 19, 2014, 04:40 AM

Yeah 25k systems would require quite a few domains and servers. It is simply crazy what you find out when you put a packet sniffer on a commercial server.

You soon discover that people try and hack into servers all the time all day from all over the planet. Most of it is just automation, but some is human intrusion.

Crazy stuff.

Kablooie

(18,626 posts)
7. I always have used a Mac so the viruses "die" as soon as they enter the system.
Fri Dec 19, 2014, 04:48 AM

Sony's CG computers were all Windows based and hold all the data for movie special effects. There could be a hell of a lot of work destroyed if the hackers brought those down. I keep hearing that the hack erased and physically destroyed Sony computers but I haven't heard that any production data was lost.
Since the hack has been going on for so long the offsite backup data is probably contaminated too. If you restore it you will just be reinstalling the virus.
I don't know how you could really repair something like this.

Journeyman

(15,031 posts)
8. It's not a hack and it can't be a breach if there were no effective safeguards in place. . .
Fri Dec 19, 2014, 05:56 AM

May as well have stored all those records in old peach boxes out back by the dumpster if they weren't going to take minimal care to make it all secure. At least, stacked in old rotting boxes behind the building, the thieves at least would have had to physically climb into the dumpster to get the info. You could then have had hope that the smell of rotting lettuce and the slime of rancid garbage might deter the thieves. Instead, it was evidently kept on an easily accessible server that seemingly anyone with a computer could tap into without even having to put on their shoes.

 

randome

(34,845 posts)
11. The majority of hacking involves employees on the inside.
Fri Dec 19, 2014, 12:12 PM

If you think Sony was incompetent (and they may very well have been), then you must hold the same opinion of every company that's ever been hacked and even Microsoft, Apple and Google for not having perfect security measures in place.

There's no such thing as 'perfect' in the digital age.
“If you're not committed to anything, you're just taking up space.”
Gregory Peck, Mirage (1965)

Kablooie

(18,626 posts)
10. I don't know.
Fri Dec 19, 2014, 12:06 PM

I also don't know if it will be released to the public or not.
I know I didn't send any embarrassing emails and didn't save my personal passwords on my work computer.

All I can do is use the protective measures they recommend and hope for the best.

davidpdx

(22,000 posts)
12. God that is scary. I'm sorry you have to go through that
Fri Dec 19, 2014, 10:50 PM

Having someone on DU go through this really brings home the idea that it can happen to anyone.

 

msanthrope

(37,549 posts)
14. Apparently...they got medical records. (This is according to George Clooney,
Fri Dec 19, 2014, 10:55 PM

so it's not gospel.)

NightWatcher

(39,343 posts)
13. I didn't get that much when my former employer was hacked and employee info stolen
Fri Dec 19, 2014, 10:54 PM

I guess that was responsible and nice of them.
