Sony Pictures Releases Official Statement on the Hacking

ON

sony pictures hacking logoFollowing the announcement on Wednesday that Sony Pictures had cancelled the December 25 theatrical release of The Interview, the studio has now released the following official statement on the hacking it suffered, what information may have been stolen and the identity theft protection services they are offering to people who may have been impacted:

As is being widely reported in the press, Sony Pictures Entertainment (SPE) experienced a significant system disruption on Monday, November 24, 2014. SPE has determined that the cause of the disruption was a brazen cyber attack. After identifying the disruption, SPE took prompt action to contain the cyber attack, engaged recognized security consultants and contacted law enforcement.

SPE learned on December 1, 2014, that the security of certain personally identifiable information about its current and former employees, and their dependents, that participated in SPE health plans and other benefits, and certain production employees potentially may have been compromised. Although SPE is in the process of investigating the scope of the cyber attack, SPE believes that the following types of personally identifiable information that such individuals provided to SPE potentially may have been obtained by unauthorized individuals: (i) name, (ii) address, (iii) social security number, driver’s license number, passport number, and/or other government identifier, (iv) bank account information, (v) credit card information for corporate travel and expense, (vi) username and passwords, (vii) compensation and (viii) other employment related information. In addition, unauthorized individuals may have obtained (ix) HIPAA protected health information, such as name, social security number, claims appeals information submitted to SPE (including diagnosis), date of birth, home address, and member ID number to the extent that the potentially impacted individuals participated in SPE health plans, and (x) health/medical information provided to SPE outside of SPE health plans.

Also on December 1, 2014, SPE began the process of notifying employees that it would be providing identity theft protection services to them and to their dependents. SPE has continued to reach out to potentially impacted individuals with notification about this situation, to offer identity protection services and to provide them with information about how to protect themselves from identity theft and other potential loss. SPE is encouraging potentially impacted employees and former employees to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information, as neither SPE nor anyone acting on its behalf would contact them in any way, including by email, asking for credit card number, social security number/government identifier or other personally identifiable information. Individuals asked for this information can be confident SPE is not the entity asking. To protect against possible identity theft or other financial loss, SPE encourages potentially impacted employees and former employees to remain vigilant, review account statements, monitor credit reports to the extent available, change passwords and to enroll promptly in the identity theft protection services made available to them by SPE.

The purpose of this press release is to take further steps to make sure that potentially impacted individuals receive this information.

Potentially affected individuals can review the full text of individual notifications and/or obtain information about AllClear ID identity protection services that may be available to them at sonypictures.com or by calling the SPE Information and Support Hotline. The U.S. toll free number is: (866) 361-8961; the international number is: +1 (262) 222-0434.