I work at Sony Pictures. This is what it was like after we got hacked.
An employee* in the Los Angeles office of Sony Pictures Entertainment (SNE) opened up to Fortune about the personal ordeal they went through following revelations of North Korea’s alleged cyber attack on the company. What follows is their words, condensed and edited for clarity.
The Monday before Thanksgiving, we all came to work. Some people had turned on their computers and were working. At around 8:15 a.m., that black screen of death came on.
They shut down the entire network. We couldn’t really work the rest of the week, which seemed OK because it was a holiday week. But as Tuesday and Wednesday progressed, it became clear that this wasn’t a simple hack.
Over Thanksgiving, I joked about it. We all thought it might take a while to get our work life back—files, things we have to do before the end of the year.
It wasn’t until Monday or Tuesday of the following week when we realized the extent of it. That’s when we got word that it might take weeks to get back up. Things became more clear when it was revealed what information was released. Around Wednesday or Thursday, people started saying: call your bank, change your passwords, set up a new checking account.
I was completely irate. Once it got personal, it was just, are you kidding me? Seeing the faces of colleagues with families—they’re worried about their life savings, their retirement funds, their kids.
And the blogs were the ones giving us all the information. We got more information from blogs and websites than we did from Michael [Lynton, CEO of Sony Pictures Entertainment] and Amy [Pascal, co-chair of Sony Pictures Entertainment].
The company provided us with All Clear ID, which is a security monitoring firm, but some people said that LifeLock was the way to go, and I decided to get it. There’s a reason you pay [$29.99 a month] for it.
That weekend, I set up alerts on all my bank accounts and credit cards. I get a text message about every transaction, and the [smartphone] apps send me notifications on my home screen anytime there’s a charge.
I changed every single password. Five for banking and credit cards. Then for my 401(k), health insurance, three email accounts, and Facebook. I changed them for Amazon, eBay, PayPal, and other shopping sites. In all, it was probably 25 to 30.
A few days later, we were on loaner laptops, pen and paper, recreating PowerPoints, re-creating databases. All the things you’d need when you’re working on any kind of business deal. Word documents, contracts, PDFs. We chugged along. We did as much as we could. But there were certain days that people had to leave the office to do what they had to do personally.
Going forward, I want to know that I won’t get a random $500 charge. I decided that I’m never going to access any of my financial accounts on my work computer ever again. If I need to do something urgently, I’ll use my smartphone, or I’ll go home and do it. It’s not worth the risk.
Some people have gone a little overboard, changing their passports and things like that. For me, money and keeping my finances secure is most important.
It’s taken a toll, mentally—do I have to worry about someone getting a random medical procedure with my benefits? And there’s the frustration at the way the top top brass handled the situation. Why didn’t they provide more for the employees? Why didn’t they bring in security consultants?
You read all these reports about morale being low. I wouldn’t say it’s low. You chug along. But it is like, wow, you always have to look over your shoulder. This is forever.
*The employee’s name has been withheld due to the sensitivity of the ongoing situation.