By Heather Roy, Junior PR Consultant
“If you can’t say anything nice, don’t say anything at all.” This age-old adage has come back to bite the reputations of some pretty high-profile Hollywood executives through the recent Sony Pictures hack.
But the scathing emails, which allegedly call Angelina Jolie “a minimally talented spoiled brat,” Leonardo DiCaprio’s behaviour “horrible” and “despicable,” and Adam Sandler’s films “mundane and formulaic,” are only the sideshow in what has quickly become one of the largest corporate data breaches in history.
It started on November 24 when a threatening skull simultaneously flashed on the computer screens of all Sony employees with the following threat: “If you don’t obey us, we’ll release data shown below to the world.”
And that’s exactly what happened. According to the Wall Street Journal, the hack released the social security numbers of 47,000 employees and actors. The 33,000 leaked documents also revealed personal information, salaries of more than 6,000 current and former employees and their home addresses, medical records and emails. It also released five Sony films, four of which had not yet made it to theatres.
Cyber Terrorism or Blowing Smoke?
But it was The Interview, a comedy about a plot to assassinate Kim Jong-un, North Korea’s dictator, which sparked fears about public safety. On December 5, hackers claiming to be called the Guardians of Peace, emailed a threat to Sony employees, saying its agents would hurt them if they didn’t sign a statement “repudiating the company.” The same group then emailed reporters in poorly written English on December 16, threatening to attack movie theatres that show The Interview.
“We will clearly show it to you at the very time and places The Interview be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to. Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear. Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time.”
Sony has since cancelled the release of the film. And according to the New York Times, senior US administration officials said North Korea was “centrally involved” in the hacking of Sony’s computers. The White House is currently considering how to address the situation.
But what does this breach say about information security in an age when companies store the vast majority of their data online? And who is responsible for ensuring private data stays private?
When publicity around the hack showed no sign of slowing down, Sony urged journalists and news organizations to stop reporting on the details of its “private” documents and threatened to hold journalists accountable for any damages caused by their stories.
“We are writing to ensure that you are aware that SPE does not consent to your possession, review, copying, dissemination, publication, uploading, downloading or making any use of the stolen information,” attorney David Boies wrote in a December 14 letter that was sent to news outlets, including the New York Times, Bloomberg and Businessweek. The company also said that if journalists do not abide by its request, Sony Pictures “will have no choice but to hold [them] responsible for any damage or loss.”
But the reality of the situation is that Sony and its employees are responsible for making sure Sony’s documents are secure. This means that employees should not share passwords and the company should have a strong security team and policies in place. As TIME points out, the hack ironically revealed that Sony Pictures CFO, David C. Hendler, flagged the company’s risky security policy of requiring employees to keep old emails, as recently as October.
The leaked correspondence, at a bare minimum, has taught the general public a valuable lesson: don’t type, tweet, post, or send anything that you want to keep private because there is always a chance that what you write will become public. It might sound extreme, but it’s a reality of today’s digital world.
However, self-censorship isn’t really an option when it comes to protecting company data. So, what do you think? How should companies like Sony protect their private information to avoid harming their brands and the reputations of their clients and employees?
Share your thoughts here or join the conversation on our Facebook page.