Sony Hack: Letter to Studio Employees Details Compromised Personal Data
Hacked information may include Social Security numbers, driver’s license numbers, passport numbers and medical information, according to the letter
In a letter to employees, Sony Pictures Entertainment acknowledged the enormous breadth of personal data that may have been compromised by hackers and offered workers and their dependents 12 months of identity protection services at no charge.
The Dec. 8 missive, now available on the California Attorney General’s website, references the “brazen cyber attack” and says that compromised data may include “(i) name, (ii) address, (iii) social security number, driver's license number, passport number, and/or other government identifier, (iv) bank account information, (v) credit card information for corporate travel and expense, (vi) username and passwords, (vii) compensation and (viii) other employment related information.”
Other compromised data, according to the letter, may include “(ix) HIPAA protected health information, such as name, social security number, claims appeals information you submitted to SPE (including diagnosis and disability code), date of birth, home address, and member ID number…and (x) health/medical information that you provided to us outside of SPE health plans.”
Press reports indicate that Social Security numbers and medical information were indeed among the categories of data obtained by the hackers, a group calling itself Guardians of Peace.
The letter was sent pursuant to a California law that requires notice of data breaches.