Paramount confirms data breach after cyberattack

The movie studio and streaming giant Paramount confirmed a data breach this week involving the personal information of fewer than 100 people.

The incident, which was first reported by Bleeping Computer, was reportedly not related to ransomware or to the exploitation of the MOVEit vulnerability.

“We did investigate an incident where we learned that an unauthorized party accessed certain files from our systems. Upon discovery of the unauthorized activity, we took swift action to identify and address the incident,” a spokesperson told Recorded Future News.

“The personal information of less than 100 individuals may have been accessed by the unauthorized party and those individuals and the relevant authorities were notified. Data security remains one of our top priorities and we continue to regularly update and enhance our security protocols.”

The company sent out breach notification letters to victims on August 11 explaining that between May and June, hackers infiltrated their systems and accessed files within certain parts of their network.

After an investigation the studio discovered that names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers and the person’s relationship to Paramount were leaked during the breach.

The type of information leaked varied by person. Law enforcement was contacted and the company hired a cybersecurity firm to address the incident.

The company offered victims two years of free identity monitoring services. Victims have until November 11 to sign up for the services.

The studio’s spokesperson did not respond to requests for comment about whether the information was from vendors or employees.

The incident follows an announcement last month by children’s television giant Nickelodeon — which is owned by Paramount — that it was investigating an alleged breach after hackers claimed to have stolen 500 GB of data.

Screenshots of the files allegedly taken included folders on some of Nickelodeon’s biggest titles, including Rugrats, Avatar: The Last Airbender, SpongeBob SquarePants, Danny Phantom, the Smurfs, Monster High and more.

Cyberattacks on film and animation studios are common, with the most prominent being the 2014 attack against Sony Pictures involving hackers from North Korea. The hackers leaked troves of embarrassing employee emails, personal information about executives, copies of films, scripts and more.