In 2014, Sony Pictures Entertainment suffered a massive cyberattack resulting in the loss of over 100 Terabytes of data containing confidential company information. This breach not only led to financial losses estimated to be well over $100 million but also severely damaged the company’s reputation. The attack was conducted through phishing emails, where the attackers disguised themselves as colleagues using fake Apple ID verification emails. Utilizing a combination of LinkedIn data and compromised Apple ID logins, the assailants were able to acquire passwords that matched those used for Sony’s network. This significant incident underscores the importance of enforcing robust cybersecurity measures and the necessity of employing unique passwords for different online services to mitigate the risk of such breaches.
Source: https://hempsteadny.gov/635/Famous-Phishing-Incidents-from-History
TPRM report: https://scoringcyber.rankiteo.com/company/sony
"id": "son601050824",
"linkid": "sony",
"type": "Vulnerability",
"date": "12/2014",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Entertainment',
'name': 'Sony Pictures Entertainment',
'type': 'Entertainment Company'}],
'attack_vector': 'Phishing',
'data_breach': {'type_of_data_compromised': 'Confidential company '
'information'},
'date_detected': '2014',
'description': 'In 2014, Sony Pictures Entertainment suffered a massive '
'cyberattack resulting in the loss of over 100 Terabytes of '
'data containing confidential company information. This breach '
'not only led to financial losses estimated to be well over '
'$100 million but also severely damaged the company’s '
'reputation. The attack was conducted through phishing emails, '
'where the attackers disguised themselves as colleagues using '
'fake Apple ID verification emails. Utilizing a combination of '
'LinkedIn data and compromised Apple ID logins, the assailants '
'were able to acquire passwords that matched those used for '
'Sony’s network. This significant incident underscores the '
'importance of enforcing robust cybersecurity measures and the '
'necessity of employing unique passwords for different online '
'services to mitigate the risk of such breaches.',
'impact': {'brand_reputation_impact': 'Severely damaged',
'data_compromised': 'Over 100 Terabytes of confidential company '
'information',
'financial_loss': 'Over $100 million'},
'initial_access_broker': {'entry_point': 'Phishing emails'},
'lessons_learned': 'Enforcing robust cybersecurity measures and employing '
'unique passwords for different online services to '
'mitigate the risk of such breaches.',
'title': 'Sony Pictures Entertainment Cyberattack',
'type': 'Data Breach',
'vulnerability_exploited': 'Compromised Apple ID logins and LinkedIn data'}