Sony Pictures' nightmare week: what now? By Dave Lee

Technology reporter, BBC News Published duration 5 December 2014

image copyright Getty Images image caption The launch of the new James Bond film - not the only thing Sony Pictures revealed this week

As the week draws to a close, many Sony Pictures employees will be left thinking: Thank heavens for James Bond.

For without the announcement of the new 007 film, this week would have been continuous misery for a company that has suffered one of the most damaging, not to mention embarrassing, security breaches in history.

To recap: We heard last month that Sony had been the victim of a cyberattack. Some employees were reportedly told to turn off their machines.

Some received a message from a group calling itself the Guardians of Peace (GOP).

"Hacked by #GOP" it read, showing even cyberattackers have a social media strategy.

The group warned that if its demands were not met, it would release a bevy of information from the company.

This week, they made good on that threat.

Unreleased films apparently leaked. Information on actors' salaries, too - as well as payroll data and social security numbers for more than 47,000 employees.

And not just any employees: personal details of celebrities including Sylvester Stallone.

In the courts

So what happens now?

Sean Sullivan, a security advisor with Finland-based F-Secure, says it's too late to do anything to contain the leaking.

Sony Pictures will just have to hope the worst is behind them - and move on to preparing for the fall out.

"The range of lawsuits that Sony could be facing is everything under the sun," he told me.

image copyright Columbia Pictures image caption The upcoming remake of Annie, due for release this month, was reportedly leaked online

Most pressing is the payroll data, Mr Sullivan said. Reams and reams of information about employee salaries.

Those who have been able to pick through the data - such as US data privacy firm, Identity Finder - raise the possibility of gender discrimination lawsuits. Men and women, in the same jobs, earning different sums.

"If there was anyone looking to do a discrimination lawsuit, you typically, when standing in a court, have to have evidence of discrimination.

"Now [there could be] plenty of evidence."

Speaking to Buzzfeed, US lawyer Brian Strange said the leak of the data would be enough for current and former employees of the company to "file an action".

Sony Pictures has not yet commented on what lies ahead - but the Sony Corporation, the parent company, has found itself in this kind of situation before.

When its PlayStation Network was hacked in 2011, a class-action lawsuit from users resulted in the company settling by offering free content (i.e. games) and free assistance in monitoring whether users had suffered any credit card fraud.

Sony Pictures will take comfort in how the PlayStation Network, and its reputation, managed to recover.

Adam Sandler

Beyond the courts, Sony Pictures must now consider its reputation, said Mr Sullivan from F-Secure, who added that trust is hard to regain after such a massive breach.

"It has to be a huge blow to morale, a huge barrier to overcome now for anybody else wanting to do business with them.

image copyright Getty Images image caption Some Sony Pictures employees are not huge fans of Adam Sandler's films

"It's about relationships in Hollywood - that's got to be a bad blow for how they can make connections to folks and make deals.

"I would not expect them to have a good time for quite a while."

On the slightly lighter side, there have been some embarrassing leaks. A document detailing suggestions from staff of ways to improve the company contained many less-than-complimentary mentions of comedian and actor Adam Sandler.

"We continue to be saddled with the mundane, formulaic Adam Sandler films," noted one employee, as discovered by news site Gawker.

As well as being an actor, Mr Sandler runs his own studio - with Sony Pictures being the parent company. An awkward meeting with Sony Pictures executives awaits, you would assume.

Targeted executives

Earlier this week I spoke with Gert-Jan Schenk, president of McAfee for Europe, Middle East and Africa.

I asked him why he thought that, despite regular warnings from security firms and journalists, many companies still displayed indifference to threats.

He noted that while companies are, for the most part, expanding their information security budgets, it is not to the same level he thinks is required to give the protection needed in the modern, connected age.

Of course, as someone whose job is to sell security products, Mr Schenk has an interest in encouraging more security, but the Sony Pictures hack is perhaps the wake up call that pushes corporations the world over to invest more.

image copyright Getty Images image caption Pyongyang has not yet made an official comment on rumours it was involved - but experts think it's unlikely

Mr Sullivan agrees - suggesting that hackers, regardless of whether they pose a real threat, will be capitalising on the fear of executives.

He thinks some will target studio executives and claim that they have information.

"If a studio executive at Fox gets an extortion note, he's going to have to take it very seriously," he said.

"It's not just Sony Pictures having a bad day - there's also probably lots of fraudulent claims being foisted at executives all over Hollywood at this point."

Hollywood hacker

We know little about Spectre, the new Bond film.

But we do know that cast once again is Ben Whishaw who, in the previous 007 film, Skyfall, updated the role of Q from gadget maestro to hacking genius.

But his major contribution in the film is a blunder - his lapse in concentration means a malware infection, as villain Raoul Silva gains access to MI6's machines. Cue a fantastic visualisation of an infected network, and gasps of horror from Bond and friends.

At Sony Pictures, the horror at this hack is real.

And the drama surrounding it could be straight out of a Hollywood movie - such as the suggestion that North Korea, angry at an upcoming Sony film, was somehow involved.

F-Secure mostly dismisses that rumour, although Mr Sullivan admits that "nothing surprises" him anymore.

Regardless of who was responsible, the next 12 months will be an uneasy time for Sony Pictures.

If it weathers this monumental hacking storm, perhaps one day it'll make a film about it.

Follow Dave Lee on Twitter @DaveLeeBBC