Paramount Admits Data Breach – Report

Paramount Global has been hacked and the attackers obtained personally identifiable information (PII) of victims.

This is according to BleepingComputer, which reported on a letter sent to affected individuals that revealed the hackers had gained access to Paramount Global systems between May and June 2023.

The hack of entertainment firms does tend to make headlines. One of the most notable in the past decade was the devastating hack of Sony Pictures Entertainment in late 2014.

Sensitive data

The Sony hackers were identified by the FBI as being from North Korea, and they successfully disrupted the launch of the film of comedy ‘The Interview’. The movie depicted the fictional assassination of North Korean leader Kim Jong Un.

The hack penetrated Sony Pictures’ internal network and led to the leak of unreleased films, as well as the publication of embarrassing internal documents, including the salary details of top executives and personal information on Hollywood celebrities.

But the hack of Paramount Global seven years later seems a tad more mundane, although not for the victims considering the valuable personal data that has been compromised.

It is reported that less than 100 people were impacted.

“Based on our investigation, the personal information may have included your name, date of birth, Social Security number or other government-issued identification number (such as driver’s license number or passport number) and information related to your relationship with Paramount,” Paramount wrote to the impacted people.

After discovering the incident, Paramount took steps to secure impacted systems and started an investigation to establish the extent and scope of the breach, BleepingComputer reported.

Paramount also hired a cybersecurity expert to help investigate the attack and is collaborating with law enforcement agents as part of an investigation.

It said it’s also upgrading security measures to ensure that similar incidents will not reoccur.

“We did investigate an incident where we learned that an unauthorised party accessed certain files from our systems. Upon discovery of the unauthorised activity, we took swift action to identify and address the incident,” a Paramount spokesperson told BleepingComputer.

“The personal information of less than 100 individuals may have been accessed by the unauthorized party and those individuals and the relevant authorities were notified, the spokesperson reported said.

Paramount is yet to reveal if the affected people are staff or customers (e.g., Paramount+ subscribers).

No less severe

The breach drew the attention of William Wright, CEO of Closed Door Security, who warned that the small number of people impacted does not reflect the serious nature of the compromise.

“Even despite only a small number of individuals being impacted, this doesn’t make this incident any less severe,” said Wright. “Now criminals have access to confidential personal data that can be used in phishing attacks, identity fraud or to make credit applications.”

“Paramount has not stated whether it is employees or customers impacted by the breach, but those that receive a notification must be on guard for email scams,” said Wright. “These emails may relate to the Paramount incident, where criminals trick victims into revealing more personal details through phishing. Victims must be on guard for these and report any suspicious activity to Paramount, so they can take steps to warn other victims.”

“Cybercrime is inevitable today, and no organisation should ever gamble with its defences,” said Wright. “Implementing threat detection solutions, training employees on security threats, and keeping systems patched, while running proactive pen testing, are all important practices to improve cyber resilience.”