Transcript
In an age where data is supposedly the new oil, FinTech companies have raised serious concerns about data protection and compliance, especially in light of the recent spate of global cyberattacks, as the presence of valuable personal information makes FinTech companies increasingly attractive targets for cybercriminals.
So, let’s dive into another story.
On Monday, November 24, 2014, a typical week begins at the Sony Pictures Entertainment’s headquarters in Culver City, California – right next to Los Angeles. As employees begin arriving at work they realize that this is far from an ordinary work day.
The image of a skull flashes on every employee’s computer screen, accompanied by a threatening message warning that “this is just the beginning”. The hackers, calling themselves the Guardians of Peace, go on to say that they have obtained all of Sony’s internal data, and if demands are not met, they will release Sony’s secrets.
Because of the hack, the whole Sony network was completely down, rendering Sony employees’ computers completely inoperable. The hack had brought the global corporation to an electronic standstill.
On November 27, the hackers leaked five upcoming Sony films online, the first of what were to become many subsequent leaks in the days and weeks to follow.
Speculations began arising that North Korea may be responsible for the attack, in retaliation for the movie The Interview which depicts an attempted assassination of North Korea’s leader, Kim Jong Un. Back in June, when the trailer was first released, North Korea had called the movie an “act of war”, saying that it would carry out strong and merciless countermeasures.
About a week later, the FBI officially began an investigation, and Sony hired a cyber-security firm to carry out an investigation of the attack.
In the following days, more leaks are published online, including the salaries of top-paid executives and more than 6,000 employees’ names, job titles, home addresses, salaries and bonus plans.
Reports also arose that Sony is fighting back, using hundreds of computers in Asia to execute a “denial of service”, a so-called DDoS attack, on sites where its stolen data were being made available.
On December 7, C-Span reported that the hackers had stolen 47,000 unique Social Security numbers from the Sony computer network.
With this data being leaked on the internet, other cybercriminals instantly swooped in – leading to various fraud, theft and other problems for Sony’s employees.
On the same day, North Korea denied all involvement – but called it a “righteous deed of the supporters and sympathizers of the country”.
Beyond just coping with the cyberattack and the various leaks, Sony was also challenged on other fronts, such as by former employees filing class-action lawsuits against the company which they argued had taken inadequate safeguards to protect personal data. Sony also faced a battle with the media, demanding that the media stop reporting on the stolen data, claiming that journalists were abetting criminals in disseminating the stolen information.
On December 16, Sony hackers threatened a 9/11-style attack on theatres that showed “The Interview”, which led to theatres across the United States cancelling their premieres, and Sony pulling all TV advertising for the movie. Urged by President Barack Obama to not give in to the hackers’ demands, Sony instead jumped directly to a digital release.
On December 19, the FBI officially implicated North Korea in the Sony hack. North Korea proclaimed its innocence and in the following days, heated rhetoric emerged from both countries.
Now, other security experts register doubts about North Korean involvement in the hack. Another theory puts the finger on angry former employees, whereas others say it was the work of outside hacking groups that simply used the release of The Interview as a cover for their actions.
Whatever it may be, it is still anybody’s guess who was behind this attack.
So, the Sony hack was not a single anomaly, as we are witnessing a huge influx in data breaches across the world. Now just to give you a few examples: In 2013, 40 million credit and debit card records were stolen from Target. And, just before the Sony hack, 56 million credit card numbers of Home Depot customers had been breached. In 2017, some of the biggest companies in America were hacked, such as Yahoo, Uber and Equifax. In the case of Equifax, the hack had compromised the data of around 143 million Americans, that is about half of the US population and well over half of the adult population. And the hackers had gained access to over 200 thousand credit cards.
And in 2018, we know that the Marriott has had a data breach affecting 500 million guests. So, with all these massive data breaches across the world, important questions naturally arise around our key principles of trust, proximity, accountability, cultural lag and privacy. Like, who owns your data – and who is protecting it? Can you trust them? How may data protection be regulated? With recent technological advancements, are we able to protect our own data and privacy?
Discussion Questions
- Do you think Sony shares responsibility for the data breach?
- Imagine you found a flash drive with the personal financial data from hundreds of millions of people in the general public. What would you do with that information? Would you try to use it for personal benefit, societal benefit, or just delete it all?
- Do you imagine that cybersecurity will ever be able to stay ahead of hackers? What would it take for us to get to that point?
- How can blockchain and other distributed ledger technologies help us control our own data?
Additional Readings
- Dawson, F. (2015). What the Sony Hack Can Teach About Cyber Security. Forbes. Retrieved from https://www.forbes.com/sites/freddiedawson/2015/02/27/what-the-sony-hack-can-teach-about-cyber-security/#773860fa18a0
- Leskin, P. (2018). The 21 Scariest Data Breaches of 2018. Business Insider. Retrieved from https://www.businessinsider.com/data-hacks-breaches-biggest-of-2018-2018-12
- Ellis, R. (2014). Lawsuits Say Sony Pictures Should Have Expected Security Breach. CNN. Retrieved from http://www.cnn.com/2014/12/20/us/sony-pictures-lawsuits/
- Raymond, N. (2015). Sony to Pay Up to $8 Million in “Interview” hacking Lawsuit. Reuters. Retrieved from https://www.reuters.com/article/us-sony-cyberattack-lawsuit/sony-to-pay-up-to-8-million-in-interview-hacking-lawsuit-idUSKCN0SE2JI20151020
- Pham, S. (2019). Former Mt. Gox chief Mark Karpeles acquitted of most charges in major bitcoin case. CNN Business. Retrieved from https://edition.cnn.com/2019/03/14/tech/mark-karpeles-mt-gox/index.html
- Cost of a Data Breach Study (2018). IBM. https://www.ibm.com/security/data-breach
- Osborne, C. (2015). Most Companies Take over Six Months to Detect Data Breaches. ZDNet. Retrieved from https://www.zdnet.com/article/businesses-take-over-six-months-to-detect-data-breaches/
- Zetter, K. (2014). Evidence of North Korea Hack is Thin. Wired Magazine. https://www.wired.com/2014/12/evidence-of-north-korea-hack-is-thin/
- Marr, B. (2019). Chinese Social Credit Score: Utopian Big Data Bliss Or Black Mirror On Steroids? Forbes. Retrieved from https://www.forbes.com/sites/bernardmarr/2019/01/21/chinese-social-credit-score-utopian-big-data-bliss-or-black-mirror-on-steroids/#25b8222048b8
- Prenio, J., & Crisanto, J. C. (2017). Regulatory Approaches to Enhance Bank’s Cyber Security. FSI Insights. Retrieved from https://www.bis.org/fsi/publ/insights2.pdf
- Press, G. (2018). 60 Cybersecurity Predictions for 2019. Forbes. Retrieved from https://www.forbes.com/sites/gilpress/2018/12/03/60-cybersecurity-predictions-for-2019/#36f9c1214352
- Peck, M. (2017). Cheat Sheet: The Trade-Offs of Blockchain Privacy Tools. American Banker. Retrieved from https://www.americanbanker.com/news/cheat-sheet-the-trade-offs-of-blockchain-privacy-tools
- Moskov, A. (2019). How Blockchain Can Save Our Privacy Before It Disappears. CoinCentral. Retrieved from https://coincentral.com/blockchain-and-privacy/