Inside Sony Pictures, employees are panicking about their hacked personal data
LatestThis week’s revelation of a deep, wide-ranging computer hack at Sony Pictures – which brought thousands of executive salaries, Social Security numbers, and other highly confidential documents out into the open – has sent shock waves through Hollywood studios, sparked rumors of North Korean involvement, and opened a FBI investigation. As Sony Pictures executives rushed to contain the leaks and lock down the company’s systems on Tuesday, the studio’s Culver City lot erupted in quiet pandemonium, as employees began to fear that their most private information would be made public.
Several Sony Pictures employees, all of whom asked to remain anonymous for fear of angering studio management during a sensitive time, told me that the mood at the studio’s lot this week is one of confusion and panic, as workers try to figure out if their information is vulnerable.
“Everyone’s looking to the IT department to say, ‘How did you let this happen?'” said one employee in Sony Pictures’ finance department.
“People are in a frenzy, especially people in HR and finance,” a junior studio worker told me. “They’re all freaked out, and nobody knows what to do.”
The chaos at Sony Pictures began last Monday morning, when an image of a skeleton with the phrase “Hacked By #GOP” appeared on computer screens at the company. (GOP is thought to stand for Guardians of Peace, a hacking group that is taking credit for the attack.) Sony Pictures’ network subsequently went down for two days, forcing employees to use personal e-mail accounts, work from home, and in some cases, resort to paper and pencil to do their work. Fearing a further hack of credit-card data, the shops and cafés on the studio’s lot switched to cash-only, and the Yogurtland frozen yogurt store located on the lot closed altogether. Even the corporate gym was affected, workers said, as the hack took its electronic sign-in system offline.
On Monday, employees lined up at the Sony Pictures lot to receive new login credentials for the corporate network, and were told not to log into their company-issued desktops until the breach had been resolved, according to two employees. Some employees set up makeshift Gmail accounts to hold their work-related communications, while others simply used their personal accounts. The studio eventually restored Internet access to many employees, but without access to their files, these workers found their normal routines interrupted.
“It’s just business as usual, if the year was 2002,” one Sony TV staffer wrote to me in a Facebook message. “[There are] lots of PAs having to run jump-drives back and forth all over the place, and hand delivering hard copies of files and scripts.”
Despite these annoyances, several employees said that the scope of the hack didn’t sink in until late Monday, when Fusion published a story detailing a leaked spreadsheet containing thousands of employee salaries. On Tuesday, Fusion also revealed that hackers had 3,800 employee Social Security numbers had been included in the leak, along with spreadsheets detailing hirings and firings, performance evaluations, and even division-by-division budgets.
“I don’t think anyone understood the breadth of what was about to happen,” the junior studio worker said. “Last week when we came into the offices, we were like, is this a joke? It got real when the Social Security numbers got released.”
Adding to the confusion were widespread rumors that the hack may have been connected to The Interview, an upcoming Sony comedy starring Seth Rogen and James Franco, whose plot concerns an attempt to kill North Korean leader Kim Jong Un. Several news outlets reported that Sony was investigating whether North Korean hackers may have coordinated the attack as retribution for the movie’s release. And Sony Pictures staffers joked amongst themselves that perhaps the hack itself had been a bit of clever hype for the film.
“At first you heard lots of jokes like, ‘Oh man, can you imagine the publicity for this movie?'” the TV staffer said. “But I do think people got nervous about potentially having Social Security numbers floating around out there.”
Most of the half-dozen Sony Pictures employees I spoke to said they had heard about the leaks primarily from news reports, rather than from the company’s management. The lack of reliable information from their superiors contributed, they said, to an atmosphere of worry and speculation. Employees wondered how much financial damage the hack would do to Sony, and whether their year-end bonuses would be affected as a result. Temporary workers on the Sony Pictures lot (known as “red badges”) were not paid on schedule last week due to the network downtime, one employee said, which made many of them nervous. And fears about identity theft led many employees to change their passwords.
“I don’t think anyone was really freaking out until they realized that not only did [hackers] get this information, but they’re releasing it,” the finance employee said.
Several of the sites that had hosted the leaked archives took them down on Monday, leaving Sony employees without a way to check if their data had been affected by the breach. On Tuesday, I received several e-mails from Sony Pictures employees, asking me to check if their names were among those listed in the documents. (Invariably, they were.)
Sony Pictures has not responded to my requests for comment. But the studio acknowledged on Tuesday that it had been the victim of a big attack. “It is now apparent that a large amount of confidential Sony Pictures Entertainment data has been stolen by the cyber attackers, including personnel information and business documents,” Sony chiefs Amy Pascal and Michael Lynton wrote to staffers, in a memo obtained by The Hollywood Reporter. They continued: “This theft of Sony materials and the release of employee and other information are malicious criminal acts, and we are working closely with law enforcement.”
In the Tuesday memo, the studio announced that all Sony Pictures employees would receive identity protection services from a third-party firm, AllClear ID. But the offer struck several Sony Pictures employees as too little, too late. The damage is already done, they said: the concern among the rank-and-file runs deep.
Now, with their most sensitive personal information floating around the Internet, Sony Pictures employees are left with little to do but keep abreast of the continued fallout from the hack, speculate on who might have been behind it, and hope that their data will stay safe from the worst forms of misuse.
“It’s totally the elephant in the room,” the junior studio worker told me. “Every hour, something else gets released, and it’s like, ‘What? What happened now?’”