Sony Picture’s security team had few resources and a poor reputation among its employees, according to new reports about the company-wide hack that led to leaked movie budgets, salary information, social security numbers and unreleased films.
Unnamed sources with ties to the company told Fusion that Sony had a lax attitude towards security. “Sony’s ‘information security’ team is a complete joke,” one former employee said. “We’d report security violations to them and our repeated reports were ignored.”
Just 11 people are assigned to the information security team out of a company of 7,000 employees, according to leaked files discovered by Fusion. Only three people on the team are not managers or directors.
The executive director of information security at Sony Pictures, Jason Spaltro, told CIO Magazine in a 2007 interview that it may be “a valid business decision to accept the risk” of a security breach, depending on the cost of investing in security and the cost of a successful attack.
Sony is offering one year of free credit monitoring and fraud protection to current and former employees, the Wall Street Journal reports.
Many experts speculate the recent breach, which is now being investigated by the security firm FireEye as well as the FBI, was perpetrated by North Korea, though a Pyongyang diplomat recently denied his country was responsible.
More Must-Reads from TIME
- Donald Trump Is TIME's 2024 Person of the Year
- Why We Chose Trump as Person of the Year
- Is Intermittent Fasting Good or Bad for You?
- The 100 Must-Read Books of 2024
- The 20 Best Christmas TV Episodes
- Column: If Optimism Feels Ridiculous Now, Try Hope
- The Future of Climate Action Is Trade Policy
- Merle Bombardieri Is Helping People Make the Baby Decision
Contact us at letters@time.com