Remember the Sony pictures hack story co-ordinated by Lulz right ? Lulz Sec have overstated its level of success by declaring it had stolen 1,000,000 passwords from Sony Pictures — turns out the number is closer to 37,500. Now granted, any breach of user data is unacceptable, but when a hacker collective’s haul is less than four percent of what it claimed, everyone can breathe a little easier. The troublemakers may have made off with email addresses, phone numbers, and passwords, but Sony says no credit card or social security numbers were compromised. The company issued a statement, which you’ll find after the break, and is working with the FBI to track down those responsible. Hopefully this finally closes the door on Sony’s security woes.
Sonypictures.com data security incident
June 8, 2011 – Sony Pictures Entertainment (SPE) has provided notice to the approximately 37,500 people who may have had some personally identifiable information stolen during the recent attack on sonypictures.com. SPE did not request, and the stolen information did not include, any credit card information, social security numbers or driver license numbers from these people.
* * * *
On June 2, 2011, we learned we were the target of a cyberattack when a hacker claimed that he had recently broken into sonypictures.com. Upon learning of this cyberattack, our team retained outside experts to conduct an investigation and forensic analysis. In addition, we promptly took offline all potentially affected databases containing personally identifiable information and contacted the U.S. Federal Bureau of Investigation. We are working with the FBI to assist in the identification of those responsible for this crime.
We greatly appreciate your patience, understanding and goodwill as we work to resolve these issues quickly and efficiently.
We are continuing to investigate the details of this cyberattack; however, we believe that one or more unauthorized persons may have obtained some or all of the following information that you may have provided to us in connection with certain promotions or sweepstakes: name, address, email address, telephone number, gender, date of birth, and website password and user name.
For your security, we encourage you to be aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony Pictures Entertainment will not contact you by email or otherwise to ask for your credit card number or social security number. If you are asked for this information, you can be confident Sony Pictures Entertainment is not the entity asking. When our website features are fully restored, we strongly recommend that you log on and change your password. If you use your Sony Pictures website user name or password for other unrelated services or accounts, we strongly recommend that you change them there, as well.
If you have concerns about the effect of this cyberattack on information you may have provided to us, we have listed below additional information and resources for your consideration:
U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.
At no charge, U.S. residents can have the three major U.S. credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.
Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov.
We will provide you separately with information about a complimentary offering to assist you to the extent you may be interested in enrolling in identity theft protection services and/or similar programs.
We thank you for your patience as we complete our investigation of this cyberattack, and we regret any inconvenience. Our teams are working to restore as soon as possible any website features that have been disabled. Please contact our Toll Free Information Line at 1-855-401-2644, Monday-Friday, between 9 am and 5 pm Central, should you have any additional questions.
Sony Pictures Entertainment Inc.