Fallout from a sobering data breach impacting Sony Pictures Entertainment will undoubtedly take months, even years, to fully assess, but security experts have already begun taking inventory of data exposed in the attack, along with its potential costs to the media giant.
On Thursday, New York-based Identity Finder, a sensitive data management solution provider, shared new insight on the extent of the hack, and resulting data leak. After using its software to crawl more than 33 gigabytes of data leaked by hackers, the company came to the conclusion that more than 47,000 unique Social Security numbers were exposed as a result of the hack.
Todd Feinman, Identity Finder's CEO, said in a blog post, that the automated search turned up over 1.1 million Social Security numbers, but that many of them were copied repeatedly throughout leaked files. And, in an Friday follow up interview with SCMagazine.com, Feinman explained that there “very few numbers that weren't repeated, and that [SSNs] were often put in places where you wouldn't need a Social Security number.”
Among the 47,000 plus SSNs allegedly exposed, more than 15,000 appeared to belong to current and former Sony employees, he revealed. The rest belonged to an array of individuals who held some business ties with the company, including Hollywood actors (Sylvester Stallone was reportedly among those impacted), Screen Actors Guild members, directors, writers and even makeup artists, Feinman said.
Add this to other company information believed to have been stolen and posted online, such as employee birth dates, medical information, login credentials and sensitive human resources data (like salaries and information on terminations) – and an extensive collection of data emerges as a target for fraudsters or others with ill intentions. In the breach, several Sony films, both released and yet to hit theaters, were also leaked online.
Currently, the FBI has confirmed that is investigating the hacking incident at Sony Pictures, which hired security firm Mandiant to probe into the matter after its network was taken down last week. Word from Sony confirming the incident's impact, however, has yet to emerge.