Eight days after a massive attack on the internal systems of Sony Pictures Entertainment, the Hollywood studio was still struggling to restore some systems as investigators combed for evidence to identify the culprit.
Some employees at the Sony entertainment unit were given new computers to replace ones that had been attacked with the rare data-wiping virus, which had made their machines unable to operate, according to a person with knowledge of Sony's operations.
In a memo to staff, studio co-chiefs Michael Lynton and Amy Pascal acknowledged that "a large amount of confidential Sony Pictures Entertainment data has been stolen by the cyber attackers, including personnel information and business documents".
The company was "not yet sure of the full scope of information that the attackers have or might release," according to the memo, which also encouraged employees to take advantage of identity protection services being offered.
The executives' concern underscores the severity of the breach, which experts say is the first major attack on a US company to use a highly destructive class of malicious software.
Government investigators led by the FBI are considering multiple suspects in the attack, including North Korea, according to a US national security official with knowledge of the investigation.
The FBI today said it was working with its counterparts in Sony's home country of Japan in the investigation.
The agency on Monday warned US businesses about the use of malware and suggested ways to defend themselves. The warning said some of the software used by the hackers had been compiled in the Korean language, but it did not discuss any possible connection to North Korea.
Sony's troubles
The November 24 attack only affected computers running Windows software, meaning Sony employees using Apple Macs (most of the marketing department) had not been affected, according to the person familiar with Sony's operations.
Sony Pictures Entertainment shut down its internal computer network last week to prevent the data-wiping software from causing further damage, forcing employees to use paper and pen.
The studio has brought some systems back online, focusing first on those from which the company generates revenues, including those involved with marketing and distributing its films and TV shows, according to the person.
The hack comes at a tough time for Sony, following soon after a denial-of-service attack on Sony's PlayStation Network in August. Sony was also victim of a notorious 2011 breach that compromised data of tens of millions of PlayStation Network users.
It also comes just as the company's CEO Kazuo Hirai is trying to grow the entertainment business to help offset losses in its mobile division.
He has been under pressure to prove the segment's growth potential after rejecting a proposal by US hedge fund Third Point to spin it off last year.
Forensic investigation
People claiming responsibility for the attack have posted high-quality digital copies of yet-to-be-released Sony films and purported sensitive data about the company's operations and employees online, making them freely available to the public in a series of releases over the past five days.
Sony's holiday musical "Annie", which is due to be released December 19 in the United States, was available for download on a popular piracy site last night.
Daniel Clemens, chief executive of cyber security firm PacketNinjas, said he had reviewed the files released to date and believed they were stolen from Sony.
He said he found business contracts as well as Social Security numbers, salary information and medical data about employees.
"This is a horrible compromise," Clemens said.
The US national security official, who asked to remain anonymous, said the forensic investigation was in its early stages and no clear suspects had yet emerged.
However, the tools used in the attack were based on ones used in similar attacks conducted against South Korea by North Korea, a person familiar with the company's investigation said today.
The person, who was not authorised to publicly discuss Sony's probe into the attack, said that investigators hired by the company made the connection to North Korea as they reviewed evidence left by the hackers.
Sony is reportedly investigating whether hackers working on behalf of the North Korean government were responsible for the attack as retribution for the company's backing of the film "The Interview".
The Pyongyang government denounced the film as "undisguised sponsoring of terrorism, as well as an act of war" in a letter to UN Secretary-General Ban Ki-moon in June.
