Sony Data Breaches: Full Timeline Through 2023

In 2014, Sony Pictures was hit by a major data breach perpetrated by state-affiliated North Korean hackers. More recently, Sony stated they were investigating an alleged breach in September 2023, and notified employees of a separate breach that occurred earlier in the year.

Below, you’ll find a full timeline of Sony data breaches and security incidents, starting with the most recent.

October 2023: Sony Notifies Employees of Data Breach

In early October, Sony notified 6,791 current and former employees that their data had been compromised by a data breach earlier in the year. The attack itself occurred in late May, as part of the MOVEit attacks, which compromised hundreds of companies and government agencies.

Sony stated that they detected the intrusion on June 2, and promptly fixed the situation. It does not appear that any customer data was implicated in this breach.

September 2023: Sony Investigates Alleged Hack

On September 25, the hacker group RansomedVC claimed to have stolen 260 GB of proprietary data from Sony — by the hackers’ description, “all of sony systems.” They posted 6,000 files as a sample of the stolen data, including a PowerPoint presentation and source code files.

Another hacker, MajorNelson, claimed credit for the breach on Breached Forums, and stated that “RansomedVCs are scammers who are just trying to scam you and chase influence.”

Sony has stated they are investigating the matter, and has not offered greater detail on the alleged hack. It does not appear any customer data was implicated in this incident.

August 2017: Hacker Group Accesses Sony Social Media Accounts

In August 2017, a group named “OurMine” gained access to Sony PlayStation social media accounts and began posting claims that it accessed the PlayStation Network database and collected registration information, including usernames, names, and emails. However, Sony was able to retake the accounts in relatively short order.

The group said it was a security firm and wasn’t planning to release the data, taking the position of white hat hackers who were trying to reach PlayStation employees. However, the group’s website implied that the company would essentially attack companies and publicize the incidents as a means of selling its security services, which may or may not have been legit.

December 2014: PlayStation Network Taken Down by Christmas DDoS Attack

While this attack didn’t involve stolen data, a December 2014 DDoS attack did make for a less than joyous Christmas for up to 160 million gamers. A group called Lizard Squad claimed responsibility for taking down the networks, overloading the systems to ensure others couldn’t make use of the services.

The incident was mostly considered frustrating by users, particularly those who received new games during the holiday season. Eventually, the hacker behind the DDoS attack was identified and sentenced to 27 months in prison for hacking activities involving Sony, Steam, EA, and others.

Sony also saw similar incidents during the year leading up to the 2014 holiday season. An August 2014 DDoS attack – also reportedly carried out by Lizard Squad – took PlayStation Network and Sony Entertainment Network services offline. It was also similar to a 2013 incident, in which Sony’s networks were unavailable for periods over Christmas, the first holiday season after the release of the PS4.

November 2014: Hackers Steal 100 Terabytes of Data from Sony Pictures

In late November 2014, a hacker group with ties to North Korea calling themselves the “Guardians of Peace” stole mountains of data from the Sony Pictures network. Within the treasure trove of information were plans and scripts for unreleased films, personal data on employees and families, internal emails, salary information, and a ton of other information relating to Sony properties and personnel.

Along with the theft, the hackers deleted data from Sony systems using a variant of the Shamoon virus, which is designed to wipe data. As Sony worked to recover, the hackers began releasing some of the information they had collected. Along with copies of films – including unreleased movies – they began sharing certain confidential documents and communications.

The hackers leaked some of what they uncovered to journalists, including emails between employees. Those emails included conversations in which employees engaged in name-calling and insulted film stars, along with other content that most would deem embarrassing.

The hackers also began making threats and demands, many of which were tied to the upcoming release of The Interview, a comedy featuring James Franco and Seth Rogen about a pair of American journalists who are recruited by the CIA to assassinate Kim Jong-un during an interview. It wasn’t the first time a group took issue with the upcoming film, as the North Korean government had previously written to the United Nations asking that the movie be halted, calling it a form of terrorism. However, along with demands to pull the movie, the hackers made threatening statements, including stating that those who saw the movie would face a “bitter fate” and stating, “Remember the 11th of September 2001,” which most took as a threat of terrorism.

Sony originally pulled the movie. However, at the behest of many – including then-President Barack Obama – the studio later reversed course, going with a limited theatrical and online release.

While the data leaks and threats were a major concern for Sony during the weeks and months following the hack, they weren’t the only challenge the entertainment giant faced. Employees of Sony filed a lawsuit, claiming that they suffered significant economic harm when their personal data was stolen.

An agreement was reached that resulted in Sony needing to pay up to $8 million to address employee claims. Along with compensation for identity theft losses, the studio would cover the cost of fraud protection services and legal fees up to set caps. As for the damage to the company’s systems, it’s said the repairs cost around $35 million.

In September 2018, Park Jin Hyok – a computer programmer who was accused of working for North Korea – was charged in connection with the Sony hack, as well as the WannaCry virus. However, since Park operated out of China, it wasn’t believed that he would ever be extradited to face the charges. Later, charges were also levied against Jon Chang Hyok and Kim Il, though it is also unlikely that they’ll ever make their way to a United States courtroom.

June 2011: Sony Pictures Website Hacked, Exposing One Million Accounts

Hackers attacked several Sony Pictures-associated websites in mid-2011, compromising over one million user accounts by capturing usernames and passwords. The hack also uncovered around 75,000 music codes, along with 3.5 million coupons.

LulzSec claimed that it had the data and that the cache also contained admin details. The hackers also said they had information on employees, stating that everything was accessed using a “very simple SQL injection.”

May 2011: Personal Details on 25 Million Sony Online Entertainment Customers Stolen

In May 2011, Sony announced that personal details from 25 million Sony Online Entertainment customer accounts were stolen. Along with names, addresses, birthdates, and phone numbers, hackers also gathered information about PC games customers purchased through the system.

During the hack, a database containing data from 2007 was also compromised. While it was referred to as “outdated” by Sony, it contained direct debit records from over 10,000 European customers, as well as personal data from around 23,400 individuals outside of the United States.

As part of the announcement, Sony confirmed that the data was actually taken on April 16 or April 17, 2011. Additionally, it said that it initially didn’t believe that any data was copied by hackers who accessed the system but later found that to be a false assumption.

April 2011: Hackers Access Personal Data of 77 Million Sony PlayStation Network Users

In mid-April 2011, Sony’s PlayStation Network was hacked, and personal information on 77 million accountholders – essentially every user – was stolen. The incident also led to a several-week service outage, preventing users from being able to access the PlayStation network.

Sony initially discovered that an unauthorized user had accessed personal data – including user names, emails, addresses, birthdates, usernames, passwords, and more – at some point between April 17 and April 19, 2011. The company didn’t announce the discovery immediately, instead waiting until April 26 to make the announcement.

When the hack was found, Sony shut down two PlayStation network services on April 20, issuing a vague statement about its awareness of an outage and later saying it expected a recovery within one to two days. While it admitted on April 22 that an external intrusion had occurred and that the outage was Sony’s own doing, it remained quiet about the personal data element.

On April 23, Sony stated it would need to rebuild its system to provide additional security. On April 26, the company admitted in a statement that sensitive data was stolen during the hack.

While there wasn’t evidence that account-associated credit card numbers were accessed, Sony recommended that users contact their card providers to notify them that their numbers and expiration dates – though not the three-digit security code – may have been compromised.

The PlayStation network services remained down for several weeks, with Sony announcing it would come back online in stages. The service did not fully resume until mid-May.

It’s believed that a later incident – specifically a slew of console bans that began making headlines in gaming circles in June 2021 – was potentially related to this and the 2014 hack. Console IDs were captured during the hack, allowing hackers to potentially spoof the console for nefarious purposes.

July 2008: PlayStation Site Targeted with SQL-Injection Attack, Prompting Visitors to Download Fake “Antivirus Scanner”

In July 2008, the PlayStation website was compromised. When some visitors arrived, they saw prompts to download an “antivirus scanner,” which was actually fake. While the prompt could have loaded malicious software, it doesn’t appear that occurred. It isn’t clear how many people saw the prompt or if any damage occurred.

About the Author

Catherine Reed

Catherine Reed is a writer and researcher with experience writing about a wide variety of topics including personal finance, technology, and staffing.