Sony Pictures Entertainment (SPE) has contradicted claims made by a hacker group known as LulzSec indicating that it had account information on one million Sony Pictures Entertainment customers.
LulzSec claimed last week that it had broken in to the Sonypictures.com Web site and made off with the personal information. SPE now claims the number is closer to 37,500.
"On June 2, 2011, we learned we were the target of a cyberattack when a hacker claimed that he had recently broken into sonypictures.com. Upon learning of this cyberattack, our team retained outside experts to conduct an investigation and forensic analysis. In addition, we promptly took offline all potentially affected databases containing personally identifiable information and contacted the U.S. Federal Bureau of Investigation. We are working with the FBI to assist in the identification of those responsible for this crime."
Obviously 37,500 is still a huge number, but it's significantly less than what the hacker group claimed. SPE also didn't contradict LulzSec's claim that the information they obtained was not encrypted, making it much easier for them to read.
SPE has sent information to the users they believe were affected in the security incident. According to Sony, the information taken by LulzSec included name, address, email address, telephone number, gender, date of birth, and website password and user name - information associated with promotions and sweepstakes offered by Sony Pictures.
SPE's security debacle comes on the heels of Sony resurrecting its PlayStation Network and Sony Online Entertainment services, taken down for more than three weeks beginning in mid-April, after as-yet unidentified hackers stole personal account information for more than 100 million users. The attack on the PlayStation Network and Sonypictures.com do not appear to be directly connected.