More evidence has emerged that makes the Sony Pictures hack look similar to a suspected attack on South Korean companies over a year ago. And a spokesperson for the North Korean government, rather than denying his country’s involvement, is playing coy as the damage to Sony appears to be growing daily.

When contacted by the BBC, a spokesperson for North Korea’s mission to the United Nations said, "The hostile forces are relating everything to [North Korea]. I kindly advise you to just wait and see."

Sony Pictures’ computers were reportedly the victim of wiper malware which erased all the data on infected PCs and the servers they were connected to. As Ars reported yesterday, this is similar to the attack on two South Korean broadcasters and a bank that was launched in 2013. As security reporter Brian Krebs reports, the FBI sent out a “Flash Alert” to law enforcement warning of a cyber attacker using “wiper” malware this week—malicious software that erases the entire contents of the infected machine’s hard drives as well as the contents of the master boot record of the computer. The FBI shared a Snort intrusion detection signature for the malware file, and as Krebs noted, "the language pack referenced by the malicious files is Korean."

The attackers also posted archive files online containing at least 25 gigabytes of data from Sony’s network. [Update: in an e-mail to Ars that included a link to an archive of some of the stolen Sony Pictures data, an individual claiming to be "the boss" of the attackers known as GOP claimed that "tens of TB" of files had been exfiltrated and would be shared as soon as possible.] Some of those files included Excel spreadsheets and screen grabs from mainframe terminal sessions including employee payroll and medical data.

A link to the Pastebin page has been removed by Google after a Digital Millenium Copyright Act complaint by Sony, and other Pastebin pages related to the data have been removed. Sites hosting the data that were listed in the original Pastebin page were apparently subjected to a denial of service attack by someone attempting to stop the spread of the data. However, the files have now been shared through torrents.

Among the files released through links posted to Pastebin and now circulating on filesharing networks, according to a report by Kevin Roose of Fusion, are:

A spreadsheet including the names, birthdates, and social security numbers of 3,803 employees of Sony Pictures.

Payroll breakdowns for the entire company in a spreadsheet.

A spreadsheet detailing all the Sony Pictures employees terminated in 2014, including cause for termination; many were laid off as part of a corporate reorganization. The spreadsheet also included the termination costs for each employee, including severance and COBRA benefits.

Employee performance reviews.

Salaries for top executives—including a spreadsheet that shows that Sony Pictures’ Columbia Pictures subsidiary co-president Michael De Luca gets paid almost $1 million more than Columbia’s other co-president, Hannah Minghella.

A file directory tree of one archive obtained by Krebs shows Excel spreadsheets detailing everything from Sony Pictures’ human resources department workflow. The files include records of 401K contributions and wire transfers, payroll audits, health insurance claims and appeals—including names of employees who filed appeals on coverage decisions by Sony Pictures’ health insurer—and travel reimbursement claims.

They also include employee requests for leaves of absence, disability claims, and other documents that constitute a massive privacy breach for Sony’s employees.

Update: An archive of files seen by Ars seems to be less sensitive—approximately a gigabyte of sales data, the most recent of which dates to April of this year and stretches back over 5 years. The files, which have metadata indicating they were produced using a Sony Pictures Entertainment corporate license of Microsoft Office, include corporate PowerPoint templates, image files of contracts for television deals (including local affiliate contracts for "Dr. Oz" and "Seinfeld" reruns) sent by fax machine, and a file from a salesman's computer called "Passwords.doc." The document, last edited by a woman whose LinkedIn account indicates she was a Sony Pictures ad sales assistant in 2011, includes her bosses' American Express card number and online account information, Lotus Notes usernames and passwords (one of them is "password," the other is "s0ny123"), Sony network login and password, and their fax numbers. One of those bosses is the current vice president of Syndication Sales for Sony Pictures Television.

While North Korean involvement in the attack is possible, it doesn't seem overly plausible based on the nature of the attack and the claims made by those who have been posting data. One posting related to the attack claimed that GOP was seeking "proper monetary compensation for the victims" of Sony Pictures' corporate reorganization and mass layoffs this year. In a phone conversation with Ars, Sam Kassoumeh, the co-founder and chief operating officer of analytics firm Security Scorecard, said that evidence suggested to him that there was at least some insider involvement in the attack. "From a psychological perspective, this attack is invoking emotions that may apply to employees of Sony as well. It may likely have been someone internal leaking the information because they knew how to get to it, rather than it being an outside attacker."