Screen shot from an internal audit report allegedly stolen from Sony and circulating on file-trading networks.
"The recent hacker break-in at Sony Pictures Entertainment appears to have involved the theft of far more than unreleased motion pictures," writes Brian Krebs.
"According to multiple sources, the intruders also stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical and salary information.'
Several files being traded on torrent networks seen by this author include an global Sony employee list, a Microsoft Excel file that includes the name, location, employee ID, network username, base salary and date of birth for more than 6,800 individuals.
Sony officials could not be immediately reached for comment; a press hotline for the company rang for several minutes without answer, and email requests to the company went unanswered. But a comprehensive search on LinkedIn for dozens of the names in the list indicate virtually all correspond to current or former Sony employees.
Another file being traded online appears to be a status report from April 2014 listing the names, dates of birth, SSNs and health savings account data on more than 700 Sony employees. Yet another apparently purloined file's name suggests it was the product of an internal audit from accounting firm Pricewaterhouse Coopers, and includes screen shots of dozens of employee federal tax records and other compensation data.
"Sony Breach May Have Exposed Employee Healthcare, Salary Data" [krebsonsecurity.com]
