Sony Hackers Expose Rogen’s Pay Along With Deloitte SalariesChristopher Palmeri, Anousha Sakoui and Lucas Shaw
Hackers who took over Sony Pictures computers released the budget for “The Interview,” the Seth Rogen comedy about North Korea, adding to a breach that exposed salaries at Deloitte Touche and studio head Michael Lynton’s credit-card number.
The latest documents, including Rogen’s $8.4 million-plus compensation, were posted on the file-sharing site Pastebin after a purported hacker said more stolen data would be coming. Documents on executive pay, Social Security numbers and scripts for not-yet-aired TV shows have also been revealed.
“That’s really, really sensitive stuff, particularly for high-profile people,” said Zachary K. Goldman, executive director of the Center on Law and Security at New York University’s School of Law. “Think of all the mayhem you could cause with that.”
The disclosure highlights the scope of the breach at the Culver City, California-based studio owned by Sony Corp. The hackers, linked by Sony investigators to a group associated with a North Korean regime unhappy with the coming Rogen film, penetrated Sony’s systems, shut down its networks and put the studio’s films online for free. Documents from “The Interview” exposed details on deals with top actors.
A Sony spokeswoman declined to comment, as did Lynton, who is chief executive officer of Sony Entertainment. Lynton and Amy Pascal, who is co-Chairman of Sony Pictures Entertainment, confirmed in a Dec. 2 memo to staff that confidential data had been stolen.
The hackers put five Sony films online for free at file-sharing websites and released employee reviews. Lynton and Pascal each were paid at a $3 million annual rate, according to Fusion.net, a cable network and website owned by Walt Disney Co. and Univision Communications Inc.
The films that landed on file-sharing sites included “Fury,” a Brad Pitt war picture released in October, and “Annie,” which opens in cinemas on Dec. 19. The FBI has said it’s investigating the matter, while Sony has used cease-and-desist letters to demand the movies be taken down.
Hackers also obtained 2005 pay information on more than 31,000 employees of Deloitte Touche Tohmatsu Ltd., according to Fusion.net, which is based in Doral, Florida. That included data suggesting high-paid men far outnumber women, the site said.
“We have seen coverage regarding what is alleged to be 9-year-old Deloitte data from a non-Deloitte system,” Jonathan Gandal, a spokesman, said in an e-mail. “We have not confirmed the veracity of this information at this time. Deloitte has long been recognized as a leader in its commitment to pay equality and all forms of inclusion.”
The attack went beyond theft to a level security experts have long dreaded. It used a so-called wiper virus that erases data, can bring down networks with thousands of computers and prevent companies from being able to conduct business, according to two people with knowledge of the situation.
Rogen co-wrote, directed and stars in “The Interview,” a comedy that centers on an attempt to kill North Korean leader Kim Jong Un. The budget data released yesterday included details that don’t usually become public.
One line item appeared to be props: a “table of weed, coke, pills and panties.” Those were budgeted for $250 and came in at $241, according to the documents. Co-star James Franco received $6.5 million, while Britney Spears-ex Kevin Federline is listed as getting $5,000 for a cameo. The film cost $44 million to make, according to the documents.
Representatives for Rogen and Federline declined to comment. Franco’s spokeswoman didn’t respond to a request for comment.
Budget details for “The Interview,” which opens in U.S. theaters on Dec. 25, were among hundreds of files released in the past week by the hackers. A Sony internal investigation linked the attack to a group associated with North Korea known as DarkSeoul, a person familiar with the investigation said. That group wiped out the computers of South Korean banks and broadcasters in March 2013.
A North Korean diplomat in New York said his country had nothing to do with the attack, Voice of America reported yesterday. The broadcasting agency didn’t identify the official, saying the diplomat preferred to remain anonymous.
The attack, confirmed by Sony on Nov. 25, is the latest major computer-security breach at businesses as diverse as Home Depot Inc., the largest home-improvement retailer, and Las Vegas Sands Corp., the world’s biggest casino operator.
Korean-language coding and similarities to past attacks have led security experts to point to North Korea. A foreign ministry spokesman told the state-run Korean Central News Agency in June the country would pursue “a strong and merciless countermeasure” if “The Interview” were released.
In the film, Rogen plays Aaron Rapaport, the producer of a TV talk show who yearns to do more serious news. After the program’s host, played by Franco, scores an interview with the North Korean leader, the Central Intelligence Agency recruits the pair to poison him.
Sony has no plans to alter its promotion plans ahead of the release, said a person with knowledge of the matter. Media and critic screenings begin next week ahead of the film’s release. The two lead actors were starting publicity for the film, with Rogen taking to his Twitter account to deny a report he won’t attend a screening in Denver.
“There’s a bullsh*t story out there that our amazing Denver weed screening of TheInterviewMovie is cancelled. Lies! I’ll be there, Denver!” Rogen said on Twitter.
Sony executives were concerned about releasing the film after North Korea initiated a round of missile tests, Rogen told Rolling Stone in a cover story to be published Dec. 5.
“Any time a movie causes a country to threaten nuclear retaliation, the higher-ups wanna get in a room with you,” Rogen said, according to the magazine’s website.
The film’s co-producer, Evan Goldberg, told the Los Angeles Times a week before the attack that they were warned by security experts of possible retaliation.
“They were like, ‘You might want to change your bank passwords. We’re not joking,’” Goldberg told the newspaper.
An alleged warning, posted on the website Reddit last week, cited the Nov. 24 release date of the hacked data and said, “This is just the beginning.”