Sony Pictures HIPAA Breach Included Social Security Numbers

The data breach at Sony Pictures rocked both the company and the industry as a whole; the volume of data obtained by the hackers was immense and it was not clear initially what the criminals had managed to obtain and if a Sony Pictures HIPAA breach had actually occurred.

The company has now issued an announcement about the hacking incident which has shed light on the extent of the data obtained by thieves. That said, the criminals themselves are also making that known. They have been posting data on the internet and making numerous threats about exposing more.

All of the individuals affected by the Sony Pictures data breach have now been sent breach notification letters alerting them to the fact that their personal data was exposed in the incident. Both the media and the affected individuals were informed that the incident appeared to have been orchestrated by a group of hackers who were operating under the name of Guardians of the Peace – or GOP.

The hackers seem intent on causing embarrassment and have issued numerous threats about releasing highly confidential information. They have already posted over 200GB of data online. While much of the media attention has been focused on the details of upcoming films that have been released – and the company’s marketing strategies and other sensitive company information – it would appear that the hackers also managed to obtain the company’s personnel records. Some of that data has already been divulged on darknet websites and other internet portals.

It is understood that more than 30,000 individuals have been affected and have had their sensitive information posted online. As a result of this exposure, all of those individuals, most of whom were members of Sony Entertainment staff, are placed at a high risk of suffering identity and medical fraud.

The company has advised all individuals receiving a breach notification letter about the Sony Entertainment HIPAA breach to sign up for credit monitoring services and to check their credit and EOB statements for potential signs of fraudulent activity.

The company did confirm that access to the company’s computers has now been stopped, and only a limited network of terminals was being used while new defenses are put in place. Efforts continue to determine the exact cause of the breach.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of