Researchers say that the Sony Pictures Entertainment (SPE) hack last month appears to have leaked a lot of personal data including more than 47,000 Social Security numbers, sensitive information of celebrities, freelancers, as well as current and former Sony employees. The leaked data of some of the celebrities include Sylvester Stallone, director Judd Apatow and Australian actress Rebel Wilson. Hackers also leaked Sony Pictures films, which were not yet officially released, including the titles “Still Alice,” “Annie,” “Mr. Turner” and “To Write Love On Her Arms.”
An analysis of 33,000 leaked SPE documents showed that the leaked files included personal information, salaries, and home addresses for employees and freelancers who worked at the studio. Leaked information also included employee contracts, termination dates, termination reason, and other sensitive information, all of which was stored in Microsoft Excel files without any security. This strongly raises a question for large companies and organizations that store customer and employee information on computers attached to the Internet.
Researchers say that a lot of duplicate data was found including Sony Entertainment co-chairperson Amy Pascal’s Social Security number, which was found in 104 separate locations, whereas personal information of its CEO Michael Lynton’s was found in 93 files. Such sensitive data with multiple copies found on multiple employees’ computers, increases an organization’s security risk.
When multiple copies of highly confidential data are available on multiple locations then it offers multiple opportunities for cybercriminals to steal this sensitive information. Moreover, theft of sensitive customer information causes serious damage to organization’s reputation, ruining its brand image in the eyes of consumers.
Further to this attack, US Federal Bureau of Investigation, FBI has warned businesses that hackers are targeting organizations and they have used advanced malware to launch destructive attacks in the United States.
One thing to be learned from the recent data breaches is that, every industry is vulnerable to attack. Cybercriminals are targeting the most sensitive information a company has, and they also have sophisticated attack techniques to steal this content. Hence it is crucial for business to implement extra security, including authentication and encryption of data. This will ensure that only authorized viewers can access the content, however, if an unauthorized user could access this content (which is encrypted), he/she would not be able to read this secured content.
About eScan: eScan, one of the leading Anti-Virus & Content Security solutions for Desktops & Servers is developed and marketed by MicroWorld. It is powered by innovative and futuristic technologies, such as MWL Technology, DIRC Technology, NILP Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provides protection from current threats, but also provides proactive protection against evolving threats.