Sony details employee data compromised in GOP hack

After having disclosed the extent of the employees’ information stolen in the recent hack to the California Attorney General’s Office, Sony Pictures Entertainment (SPE) has sent out an email to the affected workers, outlining the scope of the potential damage the “brazen cyber attack” might bring to them personally.

“Although SPE is in the process of investigating the scope of the cyber attack, SPE believes that the following types of personally identifiable information that you provided to SPE may have been obtained by unauthorized individuals: (i) name, (ii) address, (iii) Social Security Number, driver’s license number, passport number, and/or other government identifier, (iv) bank account information, (v) credit card information for corporate travel and expense, (vi) username and passwords, (vii) compensation and (viii) other employment related information,” the letter described.

“In addition, unauthorized individuals may have obtained (ix) HIPAA protected health information, such as name, Social Security Number, claims, appeals information you submitted to SPE (including diagnosis and disability code), date of birth, home address, and member ID number to the extent that you and/or your dependents participated in SPE health plans, and (x) health/medical information that you provided to us outside of SPE health plans.”

The company goes on to say that they will offer all employees a year of identity protection services for free, and urges them to be on the lookout for phishing emails or telephone calls made by scammers looking to extract more information from them.

They are also advised to learn more about how to go about protecting themselves from identity theft, to order a free anual credit report, to place fraud alerts on their file with credit bureaus, to regularly review their bank account statements, monitor their credit reports and change their passwords.

The letter doesn’t say it, but information contained in the employees’ HR records – salaries, job details, personnel reviews, and so on – was also compromised.

Don't miss