Sony Entertainment CEO Michael Lynton told employees of the embattled studio Saturday that the hack attack that has resulted in the leak of employees’ personal information and internal business documents is unprecedented in nature.
Lynton’s email message was obtained by Variety and includes a note from Kevin Mandia, the founder of the cyber security firm Mandiant that Sony has tapped in recent weeks to help it respond to the breach.
Mandia argues that Sony could not have been fully prepared for the assault because “the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group.”
The investigation into the incident is ongoing, and Sony has been working with law enforcement officials to try to figure out the cause of the attack and to stop the dissemination of its business information. Mandia’s words also serve to combat any criticism that Sony was inadequately protected against a cyber assault of this nature.
The hacking has left Sony reeling. Personal information of its 3,803 employees has leaked online, along with a spreadsheet purportedly listing salaries of top studio executives. Five of the studio’s films, including “Annie” and “Still Alice,” turned up on the Internet, where they have been widely pirated. On Friday, a threatening email was sent to employees warning them and their families of “danger.”
A group calling itself Guardians for Peace has taken credit for the attack, and there has been speculation that North Korea might be involved in the hacking as retaliation for “The Interview,” an upcoming Sony comedy about a plot to assassinate the country’s leader Kim Jong-un starring Seth Rogen and James Franco.
Here’s the full text of Lynton and Mandia’s messages:
Over the last week, some of you have asked about the strength of our information security systems and how this attack could have happened. There is much we cannot say about our security protocols for obvious reasons, but we wanted to share with you a note we received today from Kevin Mandia, the founder of the expert cybersecurity firm that is investigating the cyber-attack on us. The investigation is ongoing, but Mr. Mandia’s note is helpful in understanding the nature of what we are dealing with. Full text below.
We also want to thank you once again for your resilience and resourcefulness in carrying out our critical day-to-day activities under incredibly stressful circumstances. As a result of your efforts, we have made great progress moving our business forward, and we will continue to do so.
— — —
As our team continues to aid Sony Pictures’ response to the recent cyber-attack against your employees and operations, I wanted to take a moment to provide you with some initial thoughts on the situation.
This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat.
In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.
We are aggressively responding to this incident and we will continue to coordinate closely with your staff as new facts emerge from our investigation.