Sony Pictures Entertainment could not have been “fully prepared” for a massive hack that hit the company last month, the head of a cybersecurity firm hired by Sony said in an internal memo published Monday.
In an internal email obtained by Re/code, Sony CEO Michael Lynton shared a note with employees from Kevin Mandia, head of security firm Mandiant, that called the Sony hack an “unparalleled crime” carried out by “an organized group.” Sony has contracted with Mandiant to investigate and clean up the breach.
“The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat,” said Mandia in the note to Lynton. It went on to say that “neither SPE nor other companies could have been fully prepared” for the attack, which leaked employees’ salaries, social security numbers and other data, as well as unreleased films.
The Mandiant letter may aim to vindicate Sony from responsibility for the hack after the company was accused of showing a cavalier attitude toward cybersecurity. Only 11 people were assigned to Sony’s security team, Fusion reported last week, while Sony Pictures’ executive director of information security Jason Spaltro told CIO Magazine in 2007 that it may be “a valid business decision to accept the risk” of a security breach.
Here’s the full note from Re/code:
- How to Help Victims of the Texas School Shooting
- TIME's 100 Most Influential People of 2022
- What the Buffalo Tragedy Has to Do With the Effort to Overturn Roe
- Column: The U.S. Failed Miserably on COVID-19. Canada Shows It Didn't Have to Be That Way
- N.Y. Will Soon Require Businesses to Post Salaries in Job Listings. Here's What Happened When Colorado Did It
- The 46 Most Anticipated Movies of Summer 2022
- ‘We Are in a Moment of Reckoning.’ Amanda Nguyen on Taking the Fight for Sexual Violence Survivors to the U.N.