Hackers who took over Sony Pictures computers have released the budget for
, the Seth Rogen comedy about North Korea, adding to a breach that exposed salaries at Deloitte Touche and studio head Michael Lynton's credit-card number.
The latest documents, including Rogen's $8.4 million-plus compensation, were posted on the file-sharing site Pastebin after a purported hacker said more stolen data would be coming. Documents on executive pay, Social Security numbers, and scripts for not-yet-aired TV shows have also been revealed.
"That's really, really sensitive stuff, particularly for high-profile people," said Zachary K. Goldman, executive director of the Center on Law and Security at New York University's School of Law. "Think of all the mayhem you could cause with that."
The disclosure highlights the scope of the breach at the Culver City, Calif.-based studio owned by Sony Corp. The hackers, linked by Sony investigators to a group associated with the North Korean regime, unhappy with the coming Rogen film, penetrated Sony's systems, shut down its networks, and put the studio's films online free. Documents from The Interview exposed details on deals with top actors.
A Sony spokeswoman declined to comment, as did Lynton, chief executive officer of Sony Entertainment. Lynton and Amy Pascal, cochairwoman of Sony Pictures Entertainment, confirmed in a memo to staff Tuesday that confidential data had been stolen.
The hackers put five Sony films online free at file-sharing websites and released employee reviews. Lynton and Pascal each were paid at a $3 million annual rate, according to Fusion.net, a cable network and website owned by the Walt Disney Co. and Univision Communications Inc.
The films that landed on file-sharing sites included Fury, a Brad Pitt war picture released in October, and Annie, which opens in cinemas Dec. 19. The FBI has said it is investigating the matter, while Sony has used cease-and-desist letters to demand that the movies be taken down.
Hackers also obtained 2005 pay information on more than 31,000 employees of Deloitte Touche Tohmatsu Ltd., according to Fusion.net, which is based in Doral, Fla. That included data suggesting high-paid men far outnumber women, the site said.
"We have seen coverage regarding what is alleged to be nine-year-old Deloitte data from a non-Deloitte system," Jonathan Gandal, a spokesman, said in an e-mail. "We have not confirmed the veracity of this information at this time. Deloitte has long been recognized as a leader in its commitment to pay equality and all forms of inclusion."
The attack went beyond theft to a level security experts have long dreaded. It used a so-called wiper virus that erases data, and can bring down networks with thousands of computers and prevent companies from being able to conduct business, according to two people with knowledge of the situation.