The hackers who breached Sony’s computer network have leaked sensitive personal information on some 47,000 individuals, including celebrities, security researchers say.
An analysis by the security firm Identity Finder found full names, social security numbers, birth dates and home addresses, allowing “a clear path for criminals intent on committing identity fraud”.
“The most concerning finding in our analysis is the sheer number of duplicate copies of social security numbers that existed inside the files,” said Identity Finder president Todd Feinman on Friday.
He said some of these numbers appeared in more than 400 different locations, “giving hackers more opportunities to wreak havoc”.
The researcher found 601 files containing this data including spreadsheets and Word documents. They said more than 15,000 of the social security numbers belonged to current or former Sony employees.
Sony Pictures earlier this week confirmed the attack, calling it a “brazen” effort that netted a “large amount” of confidential information, including movies as well as personnel and business files.
F-Secure researcher Sean Sullivan said the attack “is fast becoming the worst hack any company has ever publicly suffered”.
But Sullivan said that reports suggesting North Korea is behind the incident appear “implausible”.
“Either the attackers are copyright reformist hackers targeting Hollywood or the attack was an attempted shakedown and extortion scheme,” Sullivan said in a blog post.
Variety has reported that unreleased Sony movies, including the upcoming Annie, have been made available on illegal file-sharing websites.
The war film Fury, as well as Mr Turner and Still Alice were also made available.