In Focus: Employee Data Exposed in HBO Breach

Sources say hack bigger than Sony Pictures’

By Aliah D. Wright Aug 3, 2017

Not only did cyberthieves hack into HBO's computer systems last weekend, but also experts investigating the breach now say employee data was stolen. The amount of information taken is seven times larger than what was taken from Sony Pictures in a similar hack three years ago.

The latest breach should be a wakeup call for HR professionals tasked with keeping workers' sensitive information secure.

Hackers stole 1.5 terabytes of data from the HBO television network, Entertainment Weekly reported recently, releasing employee data, e-mails and other sensitive material. They also leaked a script for a future episode of the wildly popular series "Game of Thrones," as well as unaired episodes of the shows "Ballers" and "Room 104."

According to Variety, "thousands of potentially sensitive internal documents, employee data, and a possible access to internal corporate e-mail" were exposed. In 2014, hackers believed to be sponsored by North Korea invaded Sony Pictures' network and stole employee data, videos, scripts, and an unreleased movie. At least one Sony executive lost her job.

In a statement, HBO acknowledged the hack and said it was working with law enforcement and private firms to scrub the Internet of its data.

"Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold," network executives stated in a media release.

(Entertainment Weekly, Variety)

Lessons for HR

As SHRM Online reported shortly after the 2014 data breach at Sony, hackers who called themselves the Guardians of Peace published data stolen from the California movie studio's computer systems on the Internet. Initially, hackers released e-mails with humiliating comments studio executives made about movie stars, their salaries and then-President Barack Obama. Eventually, hackers threatened to release the comedy The Interview, which depicts the fictional assassination of North Korean dictator Kim Jung Un. That led Sony to delay the theatrical release and stream it online instead.

Hackers enjoy targeting movie and television studios. In April, a hacker broke into Netflix's computer systems and released unaired episodes from the fifth season of "Orange is the New Black."

Such breaches should make HR more vigilant about cybersecurity.

"This is not something that should be bottled up in IT" but should involve the C-suite and the board, said Adam Levin, founder and chairman of Arizona-based IDT911, an information security firm. Organizations need "an entirely new corporate culture where security is part of the fabric of that culture." He said organizations should appoint a chief information security officer and make certain employee information is restricted, encrypted and segregated from other data.

(SHRM Online, The New York Times)

[SHRM members-only toolkit: 
Record-Keeping Policy: Safeguarding Social Security Numbers]

Please, Train Employees

Employees are the first line of defense against data breaches, experts say, and HR should equip them with information to thwart cyberattacks.

Most data breaches (24 percent) are caused by employee error; 15 percent are an inside job; 12 percent occur as the result of phishing attempts where employees click on phony links; 12 percent happen because a third-party accessed the data; lost laptops or devices are blamed for 9 percent and 7 percent are due to malware.

Unfortunately, "fewer than half of in-house counsel (45 percent) said that their companies have mandatory training for employees on how to prevent cybersecurity breaches," found the Association of Corporate Counsel (ACC) Foundation.

"HR has a tremendous opportunity" to educate employees about cybersecurity, and to design policies that support legal, financial and information technology, said Amar Sarwal, vice president and chief legal strategist for ACC. "HR can be right at the center of this."

(SHRM Online)


Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.


Job Finder

Find an HR Job Near You
Post a Job


Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 10,000 companies

Search & Connect