Sony confirms Sony Pictures breach, says 37,500 users affected [updated]

Sony has released more information regarding a recent breach suffered by one of the many Sony properties that have been targeted by hackers over the past few months. The company said on Wednesday that personal information belonging to 37,500 users has been compromised as a result of a cyberattack on the Sony Pictures website last week. Hackers from a small group known as Lulz Security claimed to have accessed over one million accounts during their breach of the Sony Pictures site, but they were only able to download a small sample of those records due to their limited resources. Sony states that no credit card numbers were stored on the website’s servers, but information including names, genders, addresses, email addresses, phone numbers, birth dates, user account names and passwords was taken during the breach.

UPDATE: Sony Pictures’ letter to customers affected by the breach can now be seen after the break.

On June 2, 2011, we learned we were the target of a cyberattack when a hacker claimed that he had recently broken into sonypictures.com.  Upon learning of this cyberattack, our team retained outside experts to conduct an investigation and forensic analysis.  In addition, we promptly took offline all potentially affected databases containing personally identifiable information and contacted the U.S. Federal Bureau of Investigation.  We are working with the FBI to assist in the identification of those responsible for this crime.

We greatly appreciate your patience, understanding and goodwill as we work to resolve these issues quickly and efficiently.

We are continuing to investigate the details of this cyberattack; however, we believe that one or more unauthorized persons may have obtained some or all of the following information that you may have provided to us in connection with certain promotions or sweepstakes:  name, address, email address, telephone number, gender, date of birth, and website password and user name.

For your security, we encourage you to be aware of email, telephone, and postal mail scams that ask for personal or sensitive information.  Sony Pictures Entertainment will not contact you by email or otherwise to ask for your credit card number or social security number.  If you are asked for this information, you can be confident Sony Pictures Entertainment is not the entity asking.  When our website features are fully restored, we strongly recommend that you log on and change your password.  If you use your Sony Pictures website user name or password for other unrelated services or accounts, we strongly recommend that you change them there, as well.

If you have concerns about the effect of this cyberattack on information you may have provided to us, we have listed below additional information and resources for your consideration:

  • U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus.  To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.
  • At no charge, U.S. residents can have the three major U.S. credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name.  This service can make it more difficult for someone to get credit in your name.  Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity.  As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file.  Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

  • You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft.  Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC.  For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov.
  • We will provide you separately with information about a complimentary offering to assist you to the extent you may be interested in enrolling in identity theft protection services and/or similar programs.

We thank you for your patience as we complete our investigation of this cyberattack, and we regret any inconvenience.  Our teams are working to restore as soon as possible any website features that have been disabled.  Please contact our Toll Free Information Line at 1-855-401-2644, Monday-Friday, between 9 am and 5 pm Central, should you have any additional questions.

Sincerely,

Sony Pictures Entertainment Inc.

13 Comments
  • Anonymous

    Sony? HACKED?! I refuse to believe that such a thing could happen.

  • Enaybee

    Should I be worried?

  • GEO

    GEOHOT!!!!

  • Sarcasm

    No CC info was taken but plenty of info for identity theft. I am just glad Sony doesn’t have any info at all on me.

  • Ayalajon

    Last night I heard that with the new PS3 update Sony changed the license agreement to say they basically own your console. If that’s true I’m going to sell mine and not buy any more Sony products, no matter how nice the new PSP Vita looks. I’m glad that Sony is being exposed, and I hope they continue to be hacked until they change their way of business.

    • Anonymous

      Despite what their TOS may say, it’s illegal for them to claim they own your console if they are selling it for a price and not charging a licensing or rental fee. 

      Companies can put things in their terms, but when push comes to shove, it’s found to be illegal. Things like the DMCA have already shown companies (like Apple) can’t dictate what you do to something you own.

  • Almostkanye

    Sony keeps taking losses

  • Anonymous

    All these hackers are just a bunch of cowards. Ooo, lookie me I can hack into this and that and blah, blah, blah. You really think regular people that you are violating are going to support you in any way? Puh-leaze.

    Put all of you in a ring against something to physically fight and you’ll cry for your mommies.

    • Asdf

      You do realize that they didn’t steal as much as they could have, and they notified the company of how they did it. They aren’t going to steal people’s identities; they are telling Sony where they lack in security. Regardless of anything they did do or steal, it is Sony’s fault for not securing their network enough. They should be prosecuted for having such a wussy security system. You are just an idiot.

      • Easilyamused

        Wait, because they “didn’t steal as much as they could” it’s OK? So if someone robs your house, but leaves your kitchen table and bed, it’s OK because they didn’t steal everything, right? They might say they don’t want to steal the victims’ identities, but there are a lot of people out there who will have no qualms about harming those 35,000 people. Could Sony have done (much) better securing things? Absolutely. But that doesn’t change that the people who did this are criminals that completely deserve to be punished.

    • Anonymous

      Sony attacked them first with all their super lawyers and all their power against only 1 boy.

  • Anonymous

    I am guessing here also that Sony kept all the info in a plain text file, no encryption.

    I feel sorry for individuals whose accounts were compromised.

  • Anonymous

    If I’m Sony, I go into all my servers and encrypt the shit out of everything.
