Sony Corp.'s film studio said yesterday it has provided notice to the approximately 37,500 people who may have had some personally identifiable information stolen during the recent attack on sonypictures.com.

Sony Pictures Entertainment, however, pointed out that the stolen information did not include, any credit card information, social security numbers or driver license numbers from these people. It said that it never obtained such information from the customers.

Sony learned about the attack on June 2 when a hacker claimed that he had recently broken into sonypictures.com. Sony said it promptly took offline all potentially affected databases containing personally identifiable information and contacted the U.S. Federal Bureau of Investigation.

"We are continuing to investigate the details of this cyberattack; however, we believe that one or more unauthorized persons may have obtained some or all of the following information that you may have provided to us in connection with certain promotions or sweepstakes: name, address, email address, telephone number, gender, date of birth, and website password and user name," Sony said.

"For your security, we encourage you to be aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony Pictures Entertainment will not contact you by email or otherwise to ask for your credit card number or social security number. If you are asked for this information, you can be confident Sony Pictures Entertainment is not the entity asking. When our website features are fully restored, we strongly recommend that you log on and change your password. If you use your Sony Pictures website user name or password for other unrelated services or accounts, we strongly recommend that you change them there, as well."

LuzSec

Sony Corp.'s movie studio confirmed June 2 it had been hit by a hacker attack from a group called "LulzSec" and said it was working with FBI to find the people responsible.

LulzSec has claimed it broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. It added that, among other things, it compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".

Sony shut down its Playstation network in April after a security breach in its PlayStation Network and Qriocity services. Hackers stole personal information -- including names and e-mail addresses -- from all of 77 million accounts, including credit card information of 12.3 million account holders. The services resumed in nearly all regions at the end of May, but not after the pressure of building a new system that has more firewalls, an offer to provide $1 million identity theft insurance per customer, month-long free play for affected customers, and lost revenues because of the more than a month shutdown.

Sony has been reviewing its online security since it suffered an embarrassing hacking attack in April on its Playstation Network.Sony said last month that it expects the PlayStation security breach to hurt operating profit by about 14 billion yen (US$170 million) in the fiscal year ended March 31, 2012.

The Sony Pictures breach is another headache for the Japanese electronics giant. It recently reported a third straight year of red ink. Sony posted a $3.2 billion net loss for fiscal year ended March 31, 2011, due to a write-off on a certain portion of deferred tax assets in Japan due to the March 11 earthquake and tsunami.

Sony is reportedly is reviewing the security of its active Web sites, which is estimated to number to several thousands.

LulzSec noted that SonyPictures.com was owned by a very simple SQL injection, "one of the most primitive and common vulnerabilities", and that that every bit of data we took wasn't encrypted.