Judd Apatow, Sylvester Stallone and Rebel Wilson were among the roughly 47,000 people whose personal information was hacked during the massive Sony security breach, according to data-security consulting firm Identity Finder.
The New York-based firm said 601 of the 33,254 total leaked files contained Social Security numbers in Acrobat PDFs, Excel spreadsheets and Word documents. When looking through the trove of files, the firm found 47,426 unique SSNs.
The majority of the SSNs -- about 32,000 -- don’t appear to be for current or full-time Sony employees but rather contractors and actors.
And of the roughly 15,000 Sony employees whose information was leaked, about 11,000 are no longer employees at the company. Sony currently has about 6,600 employees.
Some of the listed employees even date back to 1955, while others are as recent as October of 2014. In addition to SSNs, the information released includes employee start date, end date (if applicable), reason for termination (if applicable), full home address, email, total base pay, title and department within Sony.
“There’s no question that the biggest take-away is that Sony and all organizations need to treat sensitive data much more carefully,” Todd Feinman, chief executive of Identity Finder, told The Times. “It’s not a matter of if, it’s a matter of when a hacker gets in. This is the type of confidential information you don’t want people stealing.”
In order to prevent future breaches of such magnitude, Feinman said Sony and other companies need to “reduce the footprint” by better managing sensitive data.
Feinman said he doesn’t think the hacking is the work of North Korea or an insider.
“The data was so random that it didn’t look like an insider who knew what to go after,” he said. “It also didn’t feel like something North Korea would do. I think they would be making a much bigger deal [of it] to embarass Sony.”
Instead, the CEO hypothesizes “people who want to break into corporations to get fame within their hacker communities” are behind the breach.
“I don’t think they were trying to do something malicious to employees,” he said. “But that’s the collateral damage.”
The Wall Street Journal first reported Identity Finder’s analysis.
For more news on the entertainment industry, follow me @saba_h