Reminder: This is a personal blog, and not a news outlet. My views do not reflect those of any past, present, or future employer.
At the start of last week, an image of a skeleton on a screen made the rounds on every news site. Ominous reports started to leak that Sony Pictures Entertainment had been hacked.
This seemed bad, but at the time I wasn’t very concerned. How much damage could someone do to one of The Big Six? There are six major, movie studios in the whole world. There are many other movie studios, but in terms of scale, there are six big ones, and they’re all
located headquartered in the Los Angeles area. Even the large studios own their own smaller studios. Sometimes those include animation studios, visual effects studios, games, interactive media, etc.
I worked for Sony Pictures Imageworks for many years. SPI is a division of Sony Pictures Digital (Sony Pictures Digital Productions Inc.). SPDP is part of Sony Pictures, which is a subsidiary of Sony.
The hack affected Sony Pictures Entertainment, and I expected it to only affect the computer systems tied specifically to the parent company. However, all of the paperwork for the other companies under it appears to be held on the same servers.
I heard, through a few people, that they had obtained the list of file names that the hackers claimed they would release. Just file names, nothing else. When I saw my name, I knew I was in there for real. That it wasn’t just some gimmick. Especially when they had a t-shirt order form with my name on it in addition to all those performance reviews and contracts. No one would purposefully go to that level of detail for me, the hackers obviously grabbed everything that wasn’t nailed down. (It appears things might not have been thoroughly nailed down.)
It’s hard to describe the violation someone can feel about data relating to their identity, and their work. On the one hand, I know no company would seriously use any performance data obtained from this hack, but on the other hand I know that it’s just out there. My reviews aren’t even bad, but what about everyone else? I’m sure not everyone has paperwork as vanilla as my own.
Social Security Numbers, however, are timeless. All it takes is one person to save a file for use later on. A timebomb on your identity, and credit.
Not to mention the revelation that there are spreadsheets with the medical history of employees. If anyone has a private medical matter, it is now publicly available to unscrupulous people.
I unequivocally condemn the hack. SPI is not my current employer (after they relocated to Vancouver they are unlikely to be my employer again) but this kind of attack exploits and punishes all the employees, and former employees. The company was already in the midst of a restructuring, and this will make that even worse. People will lose their jobs, either directly as a result of the hack, or indirectly due to financial losses the company will incur because of the hack.
Sony Pictures was mostly silent since the news of this hack first leaked. All they would initially confirm was a “disruption”. Some employees leaked memos to the press. No effort has been made to proactively contact former employees, and no statements have been released to the press for how former employees should contact the company. No effort has been made to announce anything through the media to former employees at all.
This is a media company that, the very same week, launched an all-out blitz for the next James Bond film, and hosted the annual company holiday party. I believe it was, and is, possible for them to do something for former employees seeking answers.
After learning of the hack, I attempted to contact the SPE main lot. I was helpfully directed to the appropriate department. The phone rang for a bit and then someone picked up the phone and hung up on me. I sent an email to an HR address, and three days later, on Sunday the 7th, I received a response. I do appreciate that they were working the Sunday to respond to emails. They said my name was added to the list of the provider they selected for identity protection, and that I should wait to be contacted by that company. They had no idea what information was compromised by the hack.
No one knows who is behind this. The best guess is North Korea, because a lot of the communication has centered on the film, The Interview. Other speculation has mentioned an insider, though it may be some combination of the two. The FBI investigation is still ongoing.
The data dumps have been going on at a steady pace. They appear to be lumps of similar data in each batch. Either how they were originally organized, or how they were reorganized by the hackers to package for distribution. They have been irregularly dumping hundreds of gigabytes of files.
Some people are reacting to these dumps with glee, because they can pick apart all of the damaging secrets. I am not one of those people. I do have complicated feelings about the reporting. Even though they are a former employer, I have no desire to see the company destroyed. I still have friends that work there, and I want the best for them.
If you’re excited because Sony might sell Spider-Man back to Marvel you’re disgusting.
Phil Lord, famous for several films he’s made with Sony, is staunchly against any data being reported on.
The Sony hack is terrorism. Publishing the information aids terrorists. Sony execs are victims, and filmmakers. We should stand with them. — Phil Lord
Similarly, Rian Johnson:
This Sony hack is some vile shit. My policy: don’t click & note who’s posting stolen emails it so I can continue to not click in the future. — Rian Johnson
Here’s the thing though: Not talking about it doesn’t make the data go away. It’s still being dumped, and people are going to go through it. Sure it’s easy to be upset at Gawker, but what if there is stuff in there on employees being screwed? Where does that ethical line get drawn?
I have a harder time saying that nothing should be reported on. I disagree with the esteemed directors that reporters, and readers, should sit on their hands and let people without a moral compass be the only ones that see the data. Feel free to follow their interpretation though, they are cool dudes.
Sadly, you can’t unexplode this by ignoring the explosion.