Reeling from a massive hack attack, Sony Pictures Entertainment chiefs Michael Lynton and Amy Pascal have told studio staff that they are “deeply saddened” that confidential data may be exposed.
In an email to staff sent Tuesday evening, the execs called the attack “brazen” and warned employees that they should expect their personal information may be in possession of the still-unidentified hackers.
“While we are not yet sure of the full scope of information that the attackers have or might release, we unfortunately have to ask you to assume that information about you in the possession of the company might be in their possession,” the duo said. “While we would hope that common decency might prevent disclosure, we of course cannot assume that.”
Since the studio was hacked last week by a group calling itself “Guardians of Peace,” the salaries of top executives, the personal data and Social Security Numbers of 3,803 employees, and other sensitive internal documents have been disclosed online.
Additionally, five studio films including “Annie” and “Still Alice” have also been released online and widely pirated.
Deadline first reported the company email.
Read the memo in full:
It is now apparent that a large amount of confidential Sony Pictures Entertainment data has been stolen by the cyber attackers, including personnel information and business documents. This is the result of a brazen attack on our company, our employees and our business partners. This theft of Sony materials and the release of employee and other information are malicious criminal acts, and we are working closely with law enforcement.
The privacy and security of our employees are of real concern to us, and we are deeply saddened at this concerted effort to do damage to our company, undermine our morale, and discourage us. We are enormously proud of the resilience you have all shown in the face of this attack. The company is as busy as ever, and our business continues to move forward, thanks to your great efforts.
While we are not yet sure of the full scope of information that the attackers have or might release, we unfortunately have to ask you to assume that information about you in the possession of the company might be in their possession. While we would hope that common decency might prevent disclosure, we of course cannot assume that.
Yesterday, we told you that we are offering all employees identity protection services with a third-party service provider, AllClear ID, and that you would receive an email tomorrow outlining steps to sign up. If you sign up, the AllClear ID investigators would be available to answer your questions about how to handle disclosures of your confidential information.
We can’t overemphasize our appreciation to all of you for your extraordinary hard work, commitment and resolve.
