BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Consumer Alert: Sonypictures.com data security incident

From: security curmudgeon <jericho () attrition org>
Date: Wed, 8 Jun 2011 05:47:49 -0500 (CDT)

http://www.sonypictures.com/corp/consumeralert.html

June 8, 2011 - Sony Pictures Entertainment (SPE) has provided notice to 
the approximately 37,500 people who may have had some personally 
identifiable information stolen during the recent attack on 
sonypictures.com. SPE did not request, and the stolen information did not 
include, any credit card information, social security numbers or driver 
license numbers from these people.
* * * *

On June 2, 2011, we learned we were the target of a cyberattack when a 
hacker claimed that he had recently broken into sonypictures.com. Upon 
learning of this cyberattack, our team retained outside experts to conduct 
an investigation and forensic analysis. In addition, we promptly took 
offline all potentially affected databases containing personally 
identifiable information and contacted the U.S. Federal Bureau of 
Investigation. We are working with the FBI to assist in the identification 
of those responsible for this crime.

We greatly appreciate your patience, understanding and goodwill as we work 
to resolve these issues quickly and efficiently.

We are continuing to investigate the details of this cyberattack; however, 
we believe that one or more unauthorized persons may have obtained some or 
all of the following information that you may have provided to us in 
connection with certain promotions or sweepstakes: name, address, email 
address, telephone number, gender, date of birth, and website password and 
user name.

For your security, we encourage you to be aware of email, telephone, and 
postal mail scams that ask for personal or sensitive information. Sony 
Pictures Entertainment will not contact you by email or otherwise to ask 
for your credit card number or social security number. If you are asked 
for this information, you can be confident Sony Pictures Entertainment is 
not the entity asking. When our website features are fully restored, we 
strongly recommend that you log on and change your password. If you use 
your Sony Pictures website user name or password for other unrelated 
services or accounts, we strongly recommend that you change them there, as 
well.

If you have concerns about the effect of this cyberattack on information 
you may have provided to us, we have listed below additional information 
and resources for your consideration:

     * U.S. residents are entitled under U.S. law to one free credit report 
annually from each of the three major credit bureaus. To order your free 
credit report, visit www.annualcreditreport.com or call toll-free (877) 
322-8228.
     * At no charge, U.S. residents can have the three major U.S. credit 
bureaus place a "fraud alert" on your file that alerts creditors to take 
additional steps to verify your identity prior to granting credit in your 
name. This service can make it more difficult for someone to get credit in 
your name. Note, however, that because it tells creditors to follow 
certain procedures to protect you, it also may delay your ability to 
obtain credit while the agency verifies your identity. As soon as one 
credit bureau confirms your fraud alert, the others are notified to place 
fraud alerts on your file. Should you wish to place a fraud alert, or 
should you have any questions regarding your credit report, please contact 
any one of the agencies listed below.
           o Experian: 888-397-3742; www.experian.com; P.O. Box 9532, 
Allen, TX 75013
           o Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, 
Atlanta, GA 30374-0241
           o TransUnion: 800-680-7289; www.transunion.com; Fraud Victim 
Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
     * You may wish to visit the web site of the U.S. Federal Trade 
Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 
or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further 
information about how to protect yourself from identity theft. Your state 
Attorney General may also have advice on preventing identity theft, and 
you should report instances of known or suspected identity theft to law 
enforcement, your State Attorney General, and the FTC. For North Carolina 
residents, the Attorney General can be contacted at 9001 Mail Service 
Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or 
www.ncdoj.gov.
     * We will provide you separately with information about a 
complimentary offering to assist you to the extent you may be interested 
in enrolling in identity theft protection services and/or similar 
programs.

We thank you for your patience as we complete our investigation of this 
cyberattack, and we regret any inconvenience. Our teams are working to 
restore as soon as possible any website features that have been disabled. 
Please contact our Toll Free Information Line at 1-855-401-2644, 
Monday-Friday, between 9 am and 5 pm Central, should you have any 
additional questions.

Sincerely,

Sony Pictures Entertainment Inc.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/
Previous By Date Next
Previous By Thread Next

Current thread: