Imagine sitting down at your office and turning on your desk computer only to be met with an image of a skull accompanied by a threat. That’s exactly what happened to employees at Sony Pictures Entertainment, which announced that it had no choice but to shut down its computer system Monday out of self-preservation.
Word of the hack originated with an anonymous Reddit post and was later confirmed by Deadline. The origin of the hack is still being investigated, Sony said, but the size and seriousness of the situation was never in doubt.
Employees around the world were instructed to disconnect their computers and stay away from email thanks to a message reading, “We’ve already warned you, and this is just a beginning. We continue till our request be met. We’ve obtained all your internal data including your secrets and top secrets. If you don't obey us, we'll release data ... to the world. Determine what will you do till November the 24th, 11:00 p.m. GMT.”
The threat was signed “Hacked by #GOP,” which stands for Guardians of Peace. The hacking group claims that it will release a trove of “secrets” if its unmentioned demands were not met. Employees told Variety they were instructed that the technical issues, which come at the dawn of the holiday shopping season, could take three weeks to resolve.
The infiltration also comes after a high profile data breach on the PlayStation Network in August as well as another in 2011 that resulted in the loss of millions of Americans' personal information. Sony has denied that the PSN has been hacked again.
“This is bad for Sony’s reputation, and it could be potentially worse if customers suffer financial loss and litigation follows against the competency of the company whose responsibility it is to protect their customer data,” Mark Skilton, a Warwick Business School professor who specializes in cybersecurity, said. “Providing a solid cyber strategy is getting harder when intrusion monitoring and prevention is clearly insufficient, as it appears to be in Sony’s case.”