12/03/2014

#sonyhack : medical and financial information of personnel leaked on TOR

"another file being traded online appears to be a status report from April 2014 listing the names, dates of birth, SSNs and health savings account data on more than 700 Sony employees. Yet another apparently purloined file’s name suggests it was the product of an internal audit from accounting firm Pricewaterhouse Coopers, and includes screen shots of dozens of employee federal tax records and other compensation data.
http://krebsonsecurity.com/2014/12/sony-breach-may-have-e...

now leaking on TOR makes it very hard to destroy the data online because it is being hosted on hundreds or thousands of computers

now it is possible to contact the people in several western countries to destroy that data because of the legal issues of sharing publicly such data but that can't be the case for the computers in other countries

you can also easily repackage the data in another file or make it a secret torrent that you only share on certain networks which makes cleaning it up very difficult

this means that it is impossible to do anything else than to consider it definitely lost and that for the respective persons they will have to get new numbers, new accounts and so on and that the cost of this has to be taken on by Sony 

it is clear that it is the clear intent of the hackers to hurt and eventually destroy Sony who can do little to stop the leaking and the disastrous effects of it 

as so much information has been copied Sony will have to consider that all internal information is compromised and will have to take these measures for all their employees which had any kind of information on the affected networks and installations

this distinction hasn't been made by the Belgian privacycommission in her guidelines of january 2013 about dataleakages and I am not sure that the European directive also makes this distinction. 

Permalink | |  Print |  Facebook | | | | Pin it! |

The comments are closed.