Paramount Admits Data Breach – Report

Paramount Global has been hacked and the attackers obtained personally identifiable information (PII) of victims.

This is according to BleepingComputer, which reported on a letter sent to affected individuals that revealed the hackers had gained access to Paramount Global systems between May and June 2023.

The hack of entertainment firms does tend to make headlines. One of the most notable in the past decade was the devastating hack of Sony Pictures Entertainment in late 2014.

Sensitive data

The Sony hackers were identified by the FBI as being from North Korea, and they successfully disrupted the launch of the film of comedy ‘The Interview’. The movie depicted the fictional assassination of North Korean leader Kim Jong Un.

The hack penetrated Sony Pictures’ internal network and led to the leak of unreleased films, as well as the publication of embarrassing internal documents, including the salary details of top executives and personal information on Hollywood celebrities.

But the hack of Paramount Global seven years later seems a tad more mundane, although not for the victims considering the valuable personal data that has been compromised.

It is reported that less than 100 people were impacted.

“Based on our investigation, the personal information may have included your name, date of birth, Social Security number or other government-issued identification number (such as driver’s license number or passport number) and information related to your relationship with Paramount,” Paramount wrote to the impacted people.

After discovering the incident, Paramount took steps to secure impacted systems and started an investigation to establish the extent and scope of the breach, BleepingComputer reported.

Paramount also hired a cybersecurity expert to help investigate the attack and is collaborating with law enforcement agents as part of an investigation.

It said it’s also upgrading security measures to ensure that similar incidents will not reoccur.

“We did investigate an incident where we learned that an unauthorised party accessed certain files from our systems. Upon discovery of the unauthorised activity, we took swift action to identify and address the incident,” a Paramount spokesperson told BleepingComputer.

“The personal information of less than 100 individuals may have been accessed by the unauthorized party and those individuals and the relevant authorities were notified, the spokesperson reported said.

Paramount is yet to reveal if the affected people are staff or customers (e.g., Paramount+ subscribers).

No less severe

The breach drew the attention of William Wright, CEO of Closed Door Security, who warned that the small number of people impacted does not reflect the serious nature of the compromise.

“Even despite only a small number of individuals being impacted, this doesn’t make this incident any less severe,” said Wright. “Now criminals have access to confidential personal data that can be used in phishing attacks, identity fraud or to make credit applications.”

“Paramount has not stated whether it is employees or customers impacted by the breach, but those that receive a notification must be on guard for email scams,” said Wright. “These emails may relate to the Paramount incident, where criminals trick victims into revealing more personal details through phishing. Victims must be on guard for these and report any suspicious activity to Paramount, so they can take steps to warn other victims.”

“Cybercrime is inevitable today, and no organisation should ever gamble with its defences,” said Wright. “Implementing threat detection solutions, training employees on security threats, and keeping systems patched, while running proactive pen testing, are all important practices to improve cyber resilience.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

2 days ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

3 days ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

3 days ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

3 days ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

3 days ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

3 days ago