The Sony Data Breach: Full Timeline

In a year of broad-ranging and publicly damaging corporate data breaches, the malware attack on Sony Pictures Entertainment joins the ranks of companies like Home Depot, JP Morgan and eBay who suffered incredible losses at the hand of deft cyber-attackers.

Here’s the timeline of everything we've learned so far:

November 21: An anonymous email was sent to Sony CEO Michael Lynton and other executives threatening them to “behave wisely,” asking for “monetary compensation,” to avoid “great damage.”

November 24: Story broke that a destructive malware “wiper” attack took place against Sony Pictures Entertainment by a group calling itself the GOP, or Guardians of Peace. The malware, known as “Destover” or “Wipall,” infected and erased company hard drives.

November 26: Hackers published torrent links to one released and four unreleased Sony movies: Fury, Annie, Mr. Turner, Still Alice and To Write Love On Her Arms.

December 1: Sony learned personally identifiable information was compromised, as the first of the stolen files were published by the GOP. Among the information released: salaries of over a dozen top executives, names, addresses, social security numbers, driver’s license numbers, passport numbers, bank account information, credit card information used for travel/corporate expenses, usernames and passwords, as well as HIPAA-related information.

With Sony’s support, the FBI launched an investigation into the intrusion.

December 2-4: Two subsequent leaks were made available by the GOP that included passwords, security certificates, and a slew of marketing slide decks.

December 7: An internal memo was released by Lynton, featuring a letter from Kevin Mandia, head of cybersecurity firm Mandiant who described the attack as “unprecedented in nature” and “an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”

December 8: GOP released the fourth leak of documents that included thousands of personal emails discussing upcoming business deals and movies. Along with the leak came a message from the hackers, directly warning against the release of “The Interview.”

We have already given our clear demand to the management team of SONY, however, they have refused to accept.

It seems that you think everything will be well, if you find out the attacker, while no reacting to our demand.

We are sending you our warning again.

Do carry out our demand if you want to escape us.

And, Stop immediately showing the movie of terrorism which can break the regional peace and cause the War!

You, SONY & FBI, cannot find us.

We are perfect as much.

The destiny of SONY is totally up to the wise reaction & measure of SONY.

December 11: Gawker broke story of Sony keeping quiet about an eerily similar data breach on one of their servers back in February, raising concerns about the validity of the internal memo issued a day earlier claiming the recent attack was “unprecedented.”

December 13: GOP leaked yet another set of documents, along with a message promising an even larger “more interesting” set of documents they referred to as a “Christmas gift.”

We are preparing for you a Christmas gift.

The gift will be larger quantities of data.

And it will be more interesting.

The gift will surely give you much more pleasure and put Sony Pictures into the worst state.

Please send an email titled by “Merry Christmas” at the addresses below to tell us what you want in our Christmas gift.

December 14: Boies, Schiller and Flexner LLC on behalf of Sony issued legal threats to several media outlets, requesting their cooperation in deleting any of the leaked documents in their possession, otherwise be held “responsible for any damage or loss arising from such use or dissemination by you.”

December 15: Keller Rohrback L.L.P. filed a class action lawsuit on behalf of former Sony employees. The former employees are suing Sony for failing to protect their private information, especially in light of the “repeated data breaches suffered” by the company.

Per the complaint, “Sony knew or should have known that such a security breach was likely and taken adequate precautions to protect its current and former employees.”

December 16: The hackers released a message threatening a 9/11-type attack on any movie theaters showing “The Interview.”


We will clearly show it to you at the very time and places “The Interview” be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to.

Soon all the world will see what an awful movie Sony Pictures Entertainment has made.

The world will be full of fear.

Remember the 11th of September 2001.

We recommend you to keep yourself distant from the places at that time.

(If your house is nearby, you’d better leave.)

Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment.

All the world will denounce the SONY.

The hackers also released the first portion of their “Christmas gift,” a torrent file named after Sony CEO Michael Lynton. It included the contents of Lynton’s email account, dating back to 2008.

December 17: After anonymous reports that AMC, Cinemark, Regal and Cineplex were going to back out from showing “The Interview,” Sony issued a statement canceling the December 25th release.

In light of the decision by the majority of our exhibitors not to show the film The Interview, we have decided not to move forward with the planned December 25 theatrical release. We respect and understand our partners' decision and, of course, completely share their paramount interest in the safety of employees and theater-goers.

Sony Pictures has been the victim of an unprecedented criminal assault against our employees, our customers, and our business. Those who attacked us stole our intellectual property, private emails, and sensitive and proprietary material, and sought to destroy our spirit and our morale – all apparently to thwart the release of a movie they did not like. We are deeply saddened at this brazen effort to suppress the distribution of a movie, and in the process do damage to our company, our employees, and the American public. We stand by our filmmakers and their right to free expression and are extremely disappointed by this outcome.

December 18: U.S. officials confirmed to several prominent media outlets that they have concluded North Korea was “centrally involved” in the hacking of Sony Pictures.

December 19: The FBI released a statement formally accusing the North Korean government as being responsible for the hack on Sony Pictures, stating North Korea’s “actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.”

President Obama later addressed the media regarding the Sony hack and promised, “We'll respond proportionally, and we'll respond in a place and time and manner that we choose."

January 2: In response to the Sony breach, President Obama imposed new sanctions on North Korea, targeting 10 North Korean officials and three government agencies.

"The actions taken today under the authority of the President's new Executive Order will further isolate key North Korean entities and disrupt the activities of close to a dozen critical North Korean operatives," said Secretary of the Treasury Jacob J. Lew.

Get top data breach news sent direct to your inbox by signing up for our weekly newsletter, Data Breach Ripples.

Schedule Your Demo

Request a Product Tour

You have fraud frustrations? We have the solutions. Let's discuss what you are dealing with and we can learn more and share how we can help.

Three blue ellipsis's