Entertainment powerhouse Paramount Global was hacked earlier this year, between May and June, with threat actors running away with sensitive data.
As reported by BleepingComputer, Executive Vice President (EVP) of Nickelodeon Animation Studio, Brian Keane, mailed the victims earlier this week, to explain what had happened and what the company was doing about it.
“Based on our investigation, the personal information may have included your name, date of birth, Social Security number or other government-issued identification number (such as driver’s license number or passport number) and information related to your relationship with Paramount,” the message allegedly reads.
Employees, or customers?
While it’s yet unknown if the data stolen belonged to Paramount’s employees or customers (for example, subscribers to the Paramount+ service), we know how many individuals were affected:
“The personal information of less than 100 individuals may have been accessed by the unauthorized party and those individuals and the relevant authorities were notified,” the company’s spokesperson told the publication.
After the initial findings, Paramount followed the incident response playbook: it hired a third-party security expert to run forensics and assess the damage, notified the police, and started upgrading its security posture so that such incidents don’t repeat in the future.
The identity of the attackers is unknown, but apparently, we can cross Clop off that list; BleepingComputer says that the Russia-linked threat actor wasn’t behind the attack. In fact, the strike on Paramount wasn’t a ransomware attack at all, and it had nothing to do with the recent compromise of MoveIT either.
Paramount is one of the world’s largest entertainment conglomerates, owning brands such as Comedy Central, Nickelodeon, Showtime, MTV, and others. It operates in more than 180 countries and has more than 4.3 billion subscribers (there is probably a lot of overlapping across different platforms, as Paramount Plus, for example, counts 32.8 million subscribers).