Pierluigi Paganini December 10, 2014

GOP released a new archive of Sony Pictures Entertainment confidential data including private information of employees, celebrity phone numbers, film scripts and many more.

The Sony Pictures data breach is becoming a never ending history, the GOP is leaking company data and much more since the attack while security firms are providing the details of their analysis of the wiper malware used in the attack. The damage is significant for the company and a significant impact on its employees and all those who have maintained a working relationship with it.

The hackers after the disclosure online of Sony Pictures Entertainment’ sensitive data, started to use them to treat company staff and to prepare further attacks. It is news of the day that experts at Kaspersky Lab have detected a new strain of Destover malware digitally signed with Sony certificates stolen in the cyber attacks, a technique that could allow the group to hit many other targets avoiding detection of not upgraded defense systems.

The Guardians of Peace (GoP) that took responsibility for the massive attack against Sony Pictures Entertainment, have released a new batch of strictly confidential data including private information of its employees, celebrity phone numbers and their travel aliases, upcoming film scripts, film budgets and many more.

Earlier this week, the GOP has released online several hundred gigabytes data that according TheHackerNews portal includes:

• Movies’ Financial Data – a large file detailed financial data which includes revenues and budget costs, for all of Sony’s recent films.
• Unreleased Movie Scripts – unreleased scripts for upcoming movies, including The Wedding Ringer with Kevin Hart (2015), Paul Blart Mall Cop 2 (2015), the animated film Pixels (2015) and the animated filmSausage Party with Seth Rogen and Kristen Wiig, have also been released.
• Celebrities’ Personal Data – a huge dump of information related to celebrities’ personal data, including aliases formerly used by famous actors has also been released which is really embarrassing for the company. Brad Pitt‘s phone number is also listed, which could be of his assistant. Seth Rogen and Emma Stone’s personal email addresses, as well as Jesse Eisenberg’s home address have also been leaked among a lot of emails and phone numbers for lesser-known celebrities.
• Release Schedules – a number of files detailed confidential movie release schedules, both for Sony Pictures Entertainment and Sony-owned Columbia Pictures.
• Invoices – a folder contains hundreds of invoices related to various movie projects, including Skyfall, Captain Phillips and Smurfs 2.
• Bank Accounts – there are files which contain dozens of bank accounts, both personal and belonging to Sony corporation.
• Sony’s Promotional Activities – a bill detailed Sony Pictures Entertainment expenditure when promoting movies, which includes Tom Hanks, Naomie Harris’ hair styling bill, the Skyfall London premiere in 2012, along with bills that Sony spent in distributing gifts.

The situation is becoming embarrassing and the information leaked are damaging the reputation of the company. According to a post published by the Reuters Agency, the economic impact of the attack against Sony Pictures Entertainment could be greater than$100 million. Experts who have analyzed the economic impact of previous attacks told Reuters that though the cost would be less than the $171 million Sony estimated when its Playstation Network was hacked in 2011.

“The attack, believed to be the worst of its type on a company on U.S. soil, also hits Sony’s reputation for a perceived failure to safeguard information, said Jim Lewis, senior fellow at the Center for Strategic and International Studies.”Usually, people get over it, but it does have a short-term effect,” said Lewis, who estimated costs for Sony could stretch to $100 million.” reports the Reuters.

The estimation result from the evaluation of the cost of data breaches occurred in the past. The cost includes investigation activities, loss of trade secrets, computer repair or replacement, and steps to prevent a future attack. But we have to consider damaged to the reputation and overall lost productivity while operations were interrupted.

While Sony Pictures Entertainment has declined to estimate costs, confirming that the company is still assessing the impact.