Sony data breach claims first scalp as co-chair steps down

Amy Pascal, co-chair of Sony Pictures Entertainment, steps down in wake of data breach that exposed "inappropriate" comments in emails

Amy Pascal, co-chair of Sony Pictures Entertainment, has stepped down in the wake of the massive cyber attack and data breach at the company in November, which exposed comments in her private emails.

Pascal was one of the high-profile Sony executives whose emails were leaked, revealing that she had made derogatory comments about the viewing habits of President Barack Obama in an email to producer Scott Rudin.

Pascal and Rudin have both apologised for the emails, with Pascal saying in a statement that the content of her emails were “insensitive and inappropriate, but are not an accurate reflection of who I am”.

Pascal now plans to start a production company that will launch in May 2015 and will be funded for at least the next four years by Sony, which will retain distribution rights, reports the BBC.

"I have spent almost my entire professional life at Sony Pictures and I am energised to be starting this new chapter based at the company I call home," Pascal said in a statement.

She added that her transition to a production role had been discussed "for some time".

Sony has not yet named a successor to Pascal, leaving Michael Lynton as the sole head of one of Hollywood's biggest production studios.

Although Lynton has admitted the company was unprepared for the nature and extent of the cyber attack, there have not yet been any resignations by any executives responsible for information security at the firm.

Two months after the high-profile data breach at US retailer Target in December 2013, chief information officer Beth Jacob resigned, followed two months later by chief executive and chairman Gregg Steinhafel.

On 24 November, Sony revealed that it had been hacked a group calling themselves Guardians of Peace (GOP), which shut down parts of the company’s network and stole internal data.

The attack disabled computers, and employees found that they had lost all past email, contacts, distribution lists, budgets and anything else stored on the network.

Data released online shows the attackers accessed a wide variety of information, including a list of employee salaries and bonuses, internal emails and unreleased films.

READ MORE ON SONY CYBER ATTACK

How is the Sony hack different from other attacks?

Despite the difficultly of attribution in cyber attacks because of the many ways of hiding the source of an attack, US authorities claim the attack can be traced to North Korea.

The apparent motive for the attack was in retaliation for Sony's decision to produce The Interview, a comedy film about a plot to assassinate Korea's leader, Kim Jong-Un.

This week, however, US security firm Taia Global claimed that Russian hackers also played a part in the attack, and that the hackers still have access to the movie studio's computer systems.

A Taia Global report alleges that Russian hackers managed to gain access to Sony Pictures Entertainment's computer systems at the same time as GOP.

Jeffrey Carr, Taia chief executive, claims to have received multiple files from a Russian hacker called Yama Tough that appear to be internal Sony documents that were not included in any data published by GOP, and that at least one document has been verified as legitimate by its author.

According to the Taia report, Sony Pictures is "still in a state of breach" because the security firm has received documents from Sony from late January 2015, long after the hack supposedly ended.

The report suggests that either the Russian hackers attacked Sony at the same time as the GOG, or North Korea was not involved at all.

Business Insider suggests that a third option not considered by Taia is that North Korea or North Korean-affiliated hackers carried out the attack, but at some later date the previously unseen documents left their possession, eventually reaching Taia.

An unknown intermediary may have fooled Yama Tough, or Tough could be lying to Taia about where he got the documents, which means there is not necessarily any Russian involvement.

Carr told Forbes he was “100% certain” the information was legitimate, but admitted the source might be Yama Tough himself, although he has denied the allegation.

Read more on Privacy and data protection