Paramount Pictures data breach exposes personal data

Production company Paramount Pictures has revealed that it recently suffered a data breach that exposed personally identifying information.

In a data breach notification letter written to impacted parties, the production company explained that an unauthorized party had gained access to its systems between May and June of this year, allowing them to access customers’ personal information. The information accessed may have included:

  • Name.
  • Date of birth.
  • Social Security number or other government-issued identification number (such as driver’s license number or passport number).
  • Information related to victims’ relationship with Paramount.  

A Paramount spokesperson told cyber security news site BleepingComputer that “the personal information of less than 100 individuals may have been accessed by the unauthorized party and those individuals and the relevant authorities were notified”. It has not yet been revealed if the data accessed was related to customers or employees.

Paramount reassured those impacted by the breach that the systems affected have been secured and that there is an investigation into the cause and scope of the data breach. It noted that there is “no evidence to date that the personal information contained in the relevant files has been misused” as a result of the cyber security incident.

The company also said that it is “implementing enhanced measures to help prevent this type of issue from reoccurring” as well as offering free credit protection and identity theft monitoring services to those affected for two years.

Media production companies have been the targets of cyber attacks previously, due to the nature of the data they hold.

What happened during the Sony spear phishing cyber attack?

In 2014, Sony Pictures’ employees, including system engineering and network administrators, were targeted with fake emails that looked like legitimate communications from Apple, asking them to verify their Apple ID credentials.  

When they clicked on the link provided, targeted employees were taken to a legitimate-seeming webpage that prompted them to input their login details. As these emails were sent only to those who would most likely have access to Sony’s network, these details were then used to hack into its network.  

The spear phishing campaign led to multiple gigabytes of data being stolen including digital copies of recently released films and customer-facing projects as well as business-related content and financial records. The hack cost Sony an estimated US$15mn.

How did the HBO hack happen?

In July 2017, cable television company HBO was the victim of a cyber attack which saw hackers steal an estimated 1.5TB of data.

The documents stolen and later leaked during the “disruptive, unsettling, and disturbing” cyber attack (so described by the chairman of HBO, Richard Plepler) included scripts for upcoming episodes of popular fantasy series Game of Thrones.

In a statement about the breach, HBO said it employed law enforcement and external cyber security firms regarding the data breach and “immediately began investigating the incident”.  

The hacker responsible for the attack sent a message to news organizations about the breach, which read: “Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones……!!!!!! [sic] You are lucky to be the first pioneers to witness and download the leak. Enjoy it and spread the words. Whoever spreads well, we will have an interview with him. HBO is falling.” 

Behzad Mesri, an Iranian hacker who used the alias ‘Skote Vahshat’, was later arrested, indicted and charged with a number of offences relating to the crime. These included extortion, computer fraud, identity theft and wire fraud. Mesri remains wanted by the FBI.