With leftover egg still dripping from its face, Sony today said it provided notice to around 37,500 people whose accounts may have been compromised in the recent hacker attack against Sony Pictures Entertainment (SPE). While hackers made off with personally identifiable information, Sony insists that stolen information did not include any credit card numbers, social security numbers, or drivers license numbers.
"On June 2, 2011, we learned we were the target of a cyberattack when a hacker claimed that he had recently broken into sonypictures.com. Upon learning of this cyberattack, our team retained outside experts to conduct an investigation and forensic analysis," Sony said in a Consumer Alert posted today. "In addition, we promptly took offline all potentially affected databases containing personally identifiable information and contacted the U.S. Federal Bureau of Investigation. We are working with the FBI to assist in the identification of those responsible for this crime."
Sony said it's continuing to investigate the details of the cyberattack, and that one or more hackers may have made off with names, addresses, email addresses, telephone numbers, gender information, dates of birth, and website user names and passwords.
"For your security, we encourage you to be aware of email, telephone, and postal mail scams that ask for your personal or sensitive information," Sony warns. "Sony Pictures Entertainment will not contact you by email or otherwise ask for yur credit card number or social security numbers."
Sony has had a heck of a time dealing with hacker attacks the last couple of months. With regards to this latest breach, the hacker group known as "LulzSec" said that "SonyPictures.com was owned by a very simple SQL injection" and that Sony "was asking for it," due in part to storing over a million passwords in plaintext.