Sony Pictures, Sony Corporation of America

Under Review: 
No Review
Date Breach Made Public: 
June 6, 2011
New York , NY
United States
Records Breached: 

1,000,000 (No SSNs or financial information reported)

Breach Total Number: 
Year of Breach: 
Type of organization: 
Type of breach: 

Hackers called LulzSec obtained over one million Sony customer passwords.  The hackers located data that included passwords, email addresses, phone numbers, home addresses, and dates of birth.  The information was not encrypted and was posted on LulzSec's website.  People wishing to enter online sweepstakes entered their real or fake information.  Anyone who used their Sony Pictures sweepstakes password for another account should immediately change their passwords so that they do not match each other.

UPDATE (08/28/2012): A second suspect has been arrested for his alleged role in a computer breach at Sony Pictures Entertainment.  He faces one count of conspiracy and once count of unauthorized impairment of a protected computer. Sony claims that 37,500 of the one million users affected had personal information exposed.

UPDATE (04/18/2013): One of the hackers involved in the breach was sentenced to one year in prison.  He was also sentenced to 13 months of home detention and 1,000 hours of community service after release.

UPDATE (08/08/2013): The hacker who was sentenced on April 18 was also ordered to pay $605,663 in restitution.