It played out like a film marketing campaign for a “Hackers meets War of the Worlds” picture. Each warning and subsequent data dump onto Bittorrent seemed like it was accompanied by a comedy laugh track and “Oh no you di-int:, “Oh yes you di-id!” I was affected by the Sony Pictures hack of 2014. At least I think I was.
This week’s Slate article, “Sony Employees on the Hack, One Year Later” took me back to those weeks of uncertainty. Unsurprisingly, I have exactly as much information, answers and closure as I had when I first heard of the hack. I have received one form-generic email from Sony Pictures, in response to a specific inquiry to their “hotline” email address set up to triage the influx of questions from current and former employees.
“Was any of my personal data part of this leak?”
My question was pretty simple and specific: “Was any of my personal data part of this leak?” I worked for Sony fifteen years prior, in the 1999-2000 timeframe. I was the first Sony employee in the world with the word, “broadband” in their title. As Director of Broadband Production, I was tasked with developing and prototyping new products and services that the studio could offer over this nascent high-speed always-on network. To say I was involved in the digital side of things would be an understatement. I produced early prototypes of services that would become Crackle, Playstation Store and more. Basically, most TV and mobile streaming, download or connectivity services excluding the content itself originated in our group. My work was backed up on hard drives; it was highly likely my personal data was as well. Since I was married at the time, my spouse’s information was also probably stored on an HR server.
The answer I got wasn’t very assuring. “There’s no way of knowing.” Which immediately struck me as incorrect. Of course there’s a way of knowing. Sony’s IT security group could download the terabytes of stuff that was leaked, search it, and give me a yes or no. Or I could. Or literally anyone on the planet with an internet connection could. To this day, this is the only way to know for sure. Ethics (and likely some laws) preclude me from pulling down these torrents myself to a local hard drive. I don’t want to have access to thousands of people’s personal information. Their social security numbers, medical information, bank account numbers and salary/bonus information. I don’t want to know stuff about their wives and kids, or what kind of dirt is in their emails or disciplinary files. I don’t even want to know what data of mine’s in there; I just want to know if it is there.
This whole thing has been like hearing from a long lost girlfriend, calling out of the blue to say she tested positive for some kind of STD and “you might want to get checked.”
The only difference being, I’m reading about this ex-girlfriend in the press, discovering how wildly irresponsible and promiscuous she has been over the years, hearing nothing and taking it upon myself to contact her – and only getting her voicemail when I call.