General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsI just received my notice from Sony Pictures
I worked there several years ago.
SPE has determined that the cause of the disruption was a brazen cyber attack. After identifying the disruption, SPE took prompt action to contain the cyber attack, engaged recognized security consultants and contacted law enforcement.
SPE learned on December 1, 2014, that the security of personally identifiable information that SPE received about you and/or your dependents during the course of your current or prior employment with SPE potentially may have been compromised as a result of such brazen cyber attack. Although SPE is in the process of investigating the scope of the cyber attack, SPE believes that the following types of personally identifiable information that you provided to SPE may have been obtained by unauthorized individuals: (i) name, (ii) address, (iii) social security number, driver's license number, passport number, and/or other government identifier, (iv) bank account information, (v) credit card information for corporate travel and expense, (vi) username and passwords, (vii) compensation and (viii) other employment related information. In addition, unauthorized individuals may have obtained (ix) HIPAA protected health information, such as name, social security number, claims appeals information you submitted to SPE (including diagnosis), date of birth, home address, and member ID number to the extent that you and/or your dependents participated in SPE health plans, and (x) health/medical information that you provided to SPE outside of SPE health plans.
There's more info about how to protect your personal info and what services they will provide.
MADem
(135,425 posts)Detection is less likely when you're down to skeleton crews.
Rex
(65,616 posts)Did they have all day to hack into Sony!? Geezus.
Kablooie
(18,626 posts)Sheldon Adelson's casinos were hacked awhile ago also but they kept it secret.
They had 5 IT guys to handle 25,000 computers.
Rex
(65,616 posts)That they've been hacking for months or that Sony hired 5 guys to monitor 25k computers. When you say 5 guys, do you mean five managers that have their own NOC to run or just five individuals?
Kablooie
(18,626 posts)sony had a full IT department but I remember when I worked there I had access to a lot of the company servers. I sometimes wandered around to different department directories out of curiosity.
Where I work now I only have access to the servers for the project I'm working on.
Rex
(65,616 posts)Yeah 25k systems would require quite a few domains and servers. It is simply crazy what you find out when you put a packet sniffer on a commercial server.
You soon discover that people try and hack into servers all the time all day from all over the planet. Most of it is just automation, but some is human intrusion.
Crazy stuff.
Kablooie
(18,626 posts)Sony's CG computers were all Windows based and hold all the data for movie special effects. There could be a hell of a lot of work destroyed if the hackers brought those down. I keep hearing that the hack erased and physically destroyed Sony computers but I haven't heard of any production data was lost.
Since the hack has been going on for so long the offsite backup data is probably contaminated too. If you restore it you will just be reinstalling the virus.
I don't know how you could really repair something like this.
Journeyman
(15,031 posts)May as well have stored all those records in old peach boxes out back by the dumpster if they weren't going to take minimal care to make it all secure. At least, stacked in old rotting boxes behind the building, the thieves at least would have had to physically climb into the dumpster to get the info. You could then had hope that the smell of rotting lettuce and the slime of rancid garbage might deter the thieves. Instead, it was evidently kept on an easily accessible server that seemingly anyone with a computer could tap into without even having to put on their shoes.
randome
(34,845 posts)If you think Sony was incompetent (and they may very well have been), then you must hold the same opinion of every company that's ever been hacked and even Microsoft, Apple and Google for not having perfect security measures in place.
There's no such thing as 'perfect' in the digital age.
[hr][font color="blue"][center]If you're not committed to anything, you're just taking up space.
Gregory Peck, Mirage (1965)[/center][/font][hr]
davidpdx
(22,000 posts)I hope the latter.
Kablooie
(18,626 posts)I also don't know if it will be released to the public or not.
I know I didn't send any embarrassing emails and didn't save my personal passwords on my work computer.
All I can do is use the protective measures they recommend and hope for the best.
davidpdx
(22,000 posts)Having someone on DU go through this really brings home the idea that it can happen to anyone.
msanthrope
(37,549 posts)so it's not gospel.)
NightWatcher
(39,343 posts)I guess that was responsible and nice of them.