The online theft of vast amounts of highly sensitive information from one of Hollywood's leading movie studios could have dire implications for companies in all industries.
Much of the media coverage of North Korea’s alleged hacking of Sony’s corporate data has thus far focused upon the salacious celebrity gossip that it’s uncovered, as well as the trivial nature of the Seth Rogan comedy that spurred the catastrophic fiasco.
According to internet experts, however, the sheer scale and effectiveness of the attack on one of the world’s leading entertainment concern could have severe implications for the online and digital business operations of all large corporations in the future in future.
The hacking of Sony’s private data and its dissemination via file-sharing network was penetrating enough to uncover data that acutely embarrassed the company’s key executives and severe hamper its operations.
Even more serious than the reputational damage incurred by he company however, is the legal mess created for Sony – the very victim of the hacking, as a result of huge trove of confidential staff information that was purloined by the hackers.
A small group of former employees have already launched a class-action lawsuit against Sony Pictures on the grounds that the film-making giant failed to adopt measures to safeguard the highly confidential information in relation to plaintiffs, whose public dissemination makes them vulnerable to identity theft.
The two lead plaintiffs, Michael Corona and Christina Mathis, allege that Sony was responsible for two “inexcusable problems” in relation to confidential employee information that it held in its keeping. The first is that Sony willfully failed to safeguard its computer systems, servers and databases despite being aware of their weaknesses, because the company made an explicit “business decision to accept the risk” of potential losses in association with online attacks
The second is that Sony failed to engage in timely protection to safeguard the confidential information of both current and erstwhile employees from hackers – despite being warned by the hackers that such information would be publicly disseminated via file-sharing sites.
The sheer volume and confidential nature of staff data accessed by Sony’s hacker assailants could spell disaster for both current and former employees. These include over 47,000 Social Security numbers, salary information, credit card number and private medical details.
According to one of the lead plaintiffs, Michael Corona, information stolen from Sony has already been used by to steal the identities of both himself and his immediate family members – despite the fact that Corona departed from the company seven years ago.
The other plaintiff, Christina Mathis, has already meet with similar difficulties despite the fact that she left Sony more than a decade ago in 2002.
The remarkable ease with which hackers were able to obtain such a vast amount of confidential staff information from Sony Pictures – one of Hollywood’s wealthiest and most renowned film studios, could have dire implications for internet security in a plethora of other industries.
This is particularly the case for corporations operating in areas related to the built environment, such as construction companies, engineering consultancies and realtors.
Not only do these companies possesses confidential employee information that is obligatory for any business – they also harbor huge volumes of highly confidential and proprietorial data on designs, technologies and tenders.
Even if such information is withheld from the general public, it can still be used to ruinous effect by the rival and adversaries of hacked businesses, to undermine tendering processes or to purloin the exclusive intellectual property that enables companies to gain an edge against competitors.
The potential implications of the Sony hacking scandal do not mean, however, that industry and big business will be forced to withdraw from either the internet or digital technology while conducting their operations.
The event does serve, however, as an extreme salient reminder to companies in all industries of the need for ironclad internet security measures and thorough legal safeguards, given the shocking ease with which effective hacking assaults can be launched against even the most prominent of targets.