Date Made Publicsort ascending Name Entity Type
December 26, 2014 Sony PlayStation
New York, New York
BSO HACK

Unknown

PlayStation and xBox networks over the holiday season. A group calling itself "LizardSquad" hacked both gaming networks on Christmas Day. 

According to the group and KrebsOnSecurity, "various statements posted by self-described LizardSquad members on their open online chat forum - chat.lizardpartrol.com - suggest that these misguided individuals launched the attack for no other reason than because they thought it would be amusing to annoy and dissapoint people who received new Xbox and Playstation consoles as holiday gifts"

More Information: http://krebsonsecurity.com/2014/12/cowards-attack-sony-playstation-micro...

 
Information Source:
Krebs On Security
records from this breach used in our total: 0
November 24, 2014 Sony Pictures
New York, New York
BSO HACK

47,000

Sony Pictures Entertainment has suffered a data breach when hackers posted threatening messages on company computers.

According to a report the threat "began with a skull appearing on screens, and then a strangely ominous message telling users they’d been hacked by something called #GOP. It gets more bizarre as the message claims this is just the beginning and then threatens to release documents by 11 PM this evening."

The company has completely shut down all email communications and employees are not allowed to use company computers while the entertainment giant works through where and what the threat is and if it is real. The original threat did not give specifics or communicate any kind of "ransom" for the data that had supposedly been hacked.

More Information: https://deadline.com/2014/11/sony-computers-hacked-skull-message-1201295...

 

UPDATE (12/5/2014): A data security analyst has discovered information leaked by the hacker (s) goes beyond what was originally reported.

According to the security company Identity Finder, showed that leaked files included vast amount of personal data on "more than 47,000 celebrities, freelancers, and current and former Sony employees".

"An analysis of 33,000 leaked Sony Pictures documents by data security software firm Identity Finder showed that the leaked files included the personal information, salaries and home addresses for employees and freelancers who worked at the studio. Some of the celebrities include Sylvester Stallone, director Judd Apatow and Australian actress Rebel Wilson, according to the Wall Street Journal, which first reported on the analysis".

Additional information such as contracts, termination dates, termination reason and other data was also leaks. Unfortunately these files were in Excel format without any password protection.

More Information: http://www.cnet.com/news/sony-hack-said-to-leak-47000-social-security-nu...

UPDATE (12/16/2014): "Sony Pictures Entertainment has been sued by two self-described former employees who accuse the movie studio of failing to protect Social Security numbers, healthcare records, salaries and other data from computer hackers who attacked it last month.

 The proposed class action lawsuit against Sony Corp's studio was filed on Monday in federal court in Los Angeles. It alleges that the company failed to secure its computer network and protect confidential information."

More Information: http://www.reuters.com/article/2014/12/16/sony-cybersecurity-classaction...

UPDATE (06/16/2015): Sony Pictures Entertainment has been denied a dismissal of a lawsuit brought on by former employees who claim that their personal data was stolen in the 2014 hacking.

The judge stated "Sony created a "special relationship" with its employees by requiring them to provide personal information to be eligible for salaries and benefits."

More Information: http://www.businessinsider.com/r-sony-fails-to-dismiss-lawsuit-over-inte...

UPDATE (09/02/2015): "Lawyers for former Sony Pictures Entertainment employees whose data was breached last year say they have tentatively reached a settlement with the company.

Wednesday's filing in a proposed class-action lawsuit does not detail settlement terms or how many current and former Sony employees would be covered by the settlement.

Plaintiffs' attorney Daniel Girard wrote that he and fellow lawyers believe the settlement is favorable to employees whose personal, financial and medical information was posted online.

Additional details about the settlement are expected to be filed in a Los Angeles federal court by mid-October."

More Information: http://www.usnews.com/news/entertainment/articles/2015/09/02/federal-son...

 
Information Source:
Media
records from this breach used in our total: 47,000
June 6, 2011 Sony Pictures, Sony Corporation of America
New York, New York
BSO HACK

1,000,000 (No SSNs or financial information reported)

Hackers called LulzSec obtained over one million Sony customer passwords.  The hackers located data that included passwords, email addresses, phone numbers, home addresses, and dates of birth.  The information was not encrypted and was posted on LulzSec's website.  People wishing to enter online sweepstakes entered their real or fake information.  Anyone who used their Sony Pictures sweepstakes password for another account should immediately change their passwords so that they do not match each other.

UPDATE (08/28/2012): A second suspect has been arrested for his alleged role in a computer breach at Sony Pictures Entertainment.  He faces one count of conspiracy and once count of unauthorized impairment of a protected computer. Sony claims that 37,500 of the one million users affected had personal information exposed.

UPDATE (04/18/2013): One of the hackers involved in the breach was sentenced to one year in prison.  He was also sentenced to 13 months of home detention and 1,000 hours of community service after release.

UPDATE (08/08/2013): The hacker who was sentenced on April 18 was also ordered to pay $605,663 in restitution.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0
April 27, 2011 Sony, PlayStation Network (PSN), Sony Online Entertainment (SOE)
New York, New York
BSR HACK

101.6 million (12 million unencrypted credit card numbers)

The location listed is the U.S. headquarters of Sony. Additional information reveals that a Sony data center in San Diego was attacked by cyber criminals.

Sony discovered an external intrusion on PSN and its Qriocity music service around April 19. Sony placed an outage to block users from playing online games or accessing services like Netflix and Hulu Plus on Friday April 22. Sony says the outage will continue until the situation is addressed, which will likely be within the next week. Sony believes an unauthorized person has obtained names, addresses, email addresses, dates of birth, PlayStation Network/Qriocity password and login, and handle/PSN online IDs for multiple users. The attacker may have also stolen users' purchase history, billing address, and password security questions. User credit card numbers may have also been obtained. Sony has hired a security firm to investigate the incident and strengthen the network infrastructure by re-building their system to provide greater protection of personal information.

An individual filed a class action lawsuit on behalf of all PSN users following seven days of a Sony PlayStation Network outage. The lawsuit alleges that Sony "failed to encrypt data and establish adequate firewalls to handle a server intrusion contingency, failed to provide prompt and adequate warnings of security breaches, and unreasonably delayed in bringing the PSN service back on line." It also accused Sony of violating the Payment Card Industry (PCI) security standard, which prohibits companies from storing cardholder data.

UPDATE (5/3/2011): A review of Sony's network breach revealed that it was larger than first thought. Sony turned the SOE system off.  Hackers may have taken personal information from an additional 24,600,000 user accounts in Austria, Germany, the Netherlands and Spain. Names, addresses, genders, email addresses, login name and associated password, phone numbers and birth dates of SOE gaming customers, as well as data from about 12,700 credit card accounts and 10,700 bank accounts from an outdated 2007 database could have been accessed.  The outdated account information that may have been obtained by hackers includes credit card numbers, debit card numbers, expiration dates, bank account numbers, customer names, account names and customer addresses. 

The SOE network hosts games that are played over the Internet on personal computers and is separate from the PlayStation network.  Sony has not clearly indicated if credit card numbers were compromised.  At least one report indicates that the numbers were encrypted.  These breached records will not be added to the total until more is known.

UPDATE (5/6/2011): Sony now indicates that some credit card numbers were compromised.  Twelve million credit card numbers were unencrypted and could easily be read.

UPDATE (5/7/2011): Sony discovered that hackers had placed customer information online. Sony removed the information.  It included customer names and addresses from a 2001 Sony database.

Service restoration for the PlayStation network was indefinitely delayed. Additionally, the CEO issued an apology letter.

UPDATE (5/17/2011): Hackers began changing user passwords by using PSN account emails and dates of birth within two days of the partial restoration of the PlayStation Network.  Sony failed to alter the password reset system to account for hackers having obtained user email addresses and dates of birth.  Users who changed their passwords, but not the email associated with their PlayStation Network accounts, were vulnerable to the hacker exploit. Sony shut down the PlayStation Network again and released a short statement about the incident.

UPDATE (5/23/2011): Sony headquarters expects to spend about $171 million on its personal information theft protection program, welcome back programs, customer support, network security enhancements and legal costs associated with the breach.

UPDATE (6/2/2011): Sony fully restored all Playstation Network services in all areas except Japan.  The Playstation Store and Qriocity divisions are now functioning properly.  

UPDATE (6/4/2011): A concise history of the Sony hacks can be found here.

UPDATE (7/21/2011): Zurich American, one of Sony's insurers, is suing to deny releasing data breach coverage funds to Sony.  Sony expects the breach to lower operating profit by $178 million in the current financial year.  A total of 55 class action complaints have been filed.

UPDATE (10/11/2011): Sony Online Entertainment became aware of a large number of unauthorized sign-in attempts.  The attempts took place between October 7 and 10.  About 93,000 PlayStation Network, Sony Entertainment Network, and Sony Online Entertainment services accounts may have been compromised.  The unauthorized parties appear to have verified valid sign-in IDs and passwords after a number of failed attempts.  Sony temporarily locked those accounts. It is unclear if the email addresses were obtained from a previous breach.

UPDATE (10/19/2012): A federal judge found that Sony users signed a privacy policy informing them that Sony's security was not perfect.  Sony was cleared of negligence, unjust enrichment, bailment, and violations of California consumer protection statutes. The judge ruled that plaintiffs could not claim that Sony violated consumer-protection laws because PSN services were free of cost.  This dismissed much of the lawsuit.

UPDATE (12/16/2013): Sony agreed to drop an insurance claim over litigation related to the 2011 breach.

UPDATE (7/30/2014): "Sony recently offered to settle a class action lawsuit over the 2011 breach of its PlayStation Network. According to the terms of the proposed $15 million settlement, the money will be paid out in the form of games. Class members who didn't take advantage of initial "Welcome Back" package of games and memberships offered in 2011 will receive on of the 14 PlayStation 3 or PlayStation Portable games, as well as three of six PS3 themes or a three-month PlayStation Plus subscription. Qriocity users will get one month of free access."

 
Information Source:
Media
records from this breach used in our total: 12,000,000
June 21, 2010 TeleTech, Sony Electronics
Englewood, Colorado
BSR UNKN

Unknown

Customers who placed orders through Sony Style Telesales Department between May 23rd and June 3rd 2010 may have had their credit card information illegitimately copied and sent to parties outside of the TeleTech network. TeleTech is a third party service provider of Sony.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0
Showing 5 results