On 08 August 2013 the attorney spokesman for the city of Los Angeles, Thom Mrozek confirmed that Raynaldo Rivera, a LulzSec Member, has been sentenced to 366 days in prison, 13 months of house arrest and 1,000 hours of community service in addition to $605,663 in restitution for his role in leaking the details in over 1,000,000 records of personal information from Sony Pictures.
Prosecutors say “Rivera was a member of LulzSec, a hacking group committed to causing anarchy in corporate and government entities”.
According to a listing on the Privacy Rights Clearing House website, the hackers located data in a database relating to a Sweepstakes competition “that included passwords, email addresses, phone numbers, home addresses, and dates of birth. The information was not encrypted”.
Whilst it is not clear how Rivera and his associates gained access to the database, Sony’s poor data storage conventions, allowing for information to be read in plain text, makes it increasingly easy for future fraudsters to cross-text this stolen information on other websites such as Gmail, Facebook and Twitter.
Any time a data leak of this sort occurs, the chances of those users being susceptible to forms of identity theft such as Account Takeover and Application Fraud vastly increase. In this case, home address was included which opens the door to very serious financial fraud such such as New Application Fraud.
You can read the full press release here.