Sony cyber-attack: 3,800 employee SINs, confidential data leaked online

TORONTO – The cyber-attack that devastated Sony Pictures’ internal computers last week is quickly becoming one of the worst corporate hacks in history.

Confidential internal data was leaked online this week, including salary numbers, layoff strategies, employee details and 3,800 social insurance numbers (SINs). According to reports, the leak contains information from about 6,000 Sony employees.

Hackers attacked Sony Pictures’ systems last week, knocking corporate email and other internal systems offline. Sony workers reportedly saw a message appear on their computer screens that read, “Hacked by #GOP,” which may be the initials of a group calling itself “Guardians of Peace.”

READ MORE: FBI warned U.S. companies of malware following Sony hack says report

Since the attack, five Sony Pictures films have been leaked online, including the remake of the classic film Annie that isn’t supposed to hit theatres until Dec. 19.

There is some speculation that the cyber-attack could be linked to Sony Pictures’ forthcoming film The Interview, in which comedians Seth Rogen and James Franco star as journalists enlisted by the CIA to assassinate North Korean leader Kim Jong-Un.

Sony has denied reports that it planned to name North Korea as a source in the attack.

READ MORE: Experts cite similarities between Sony hack and 2013 South Korean hacks

However, three independent researchers told The Associated Press there are intriguing signs of a North Korean link to the attack. The cybersecurity experts said they found striking similarities between the code used in the hack of Sony Pictures Entertainment and attacks blamed on North Korea that targeted South Korean companies and government agencies last year.

Sony is working with the FBI and Silicon Valley security firm FireEye to investigate the attack.

Stolen SINs pose greater risk to employees

This latest leak could pose a serious risk for Sony Pictures employees. A social insurance number is a nine-digit number the government uses to track your income and taxes owed.

According to Kellman Meghu, head of security engineering at Checkpoint Software Technologies, if someone had your SIN and personal details like your name, address, or date of birth, they could open credit card accounts in your name, apply for bank loans and even commit full-blown identity theft by taking over your existing accounts.

“Anybody with that number and a few other details about you could start to generate some dangerous fraud,” said Meghu told Global News earlier this year.

Black eye for Sony’s security practices

This isn’t the first time that Sony has been targeted by hackers.

In 2011, members of the hacker group LulzSec attacked Sony’s PlayStation Network in the United States and Europe, compromising about 100 million accounts and crippling the system for nearly a month.

Sony was highly criticized for taking several days to tell the public that the hackers stole user information, including encrypted credit card data.

Months before, Sony Ericsson’s Canadian website was breached and hackers were able to steal data from over 2,000 customers.