Almost a week after hackers posted a trove of customer information stolen from various Sony businesses' Web sites, Sony Pictures has more details on the attack.
Today the company posted a statement saying that personally identifying information of 37,500 customers had been exposed in the breach.
"We are continuing to investigate the details of this cyberattack; however, we believe that one or more unauthorized persons may have obtained some or all of the following information that you may have provided to us in connection with certain promotions or sweepstakes: name, address, email address, telephone number, gender, date of birth, and website password and user name," the statement reads.
Sony Pictures notes that it had not requested credit card information, Social Security numbers, or driver's license numbers from those people.
Sony Pictures said it notified those affected this morning.
The hacking group calling themselves Lulzsec posted on their Twitter account Thursday that it had data stolen from Sony Web sites. The group dumped on code-sharing site Pastebin what it said was a small portion of the data it could steal, about 150,000 records from Sony Pictures and Sony BMG in Belgium and the Netherlands.
That same day Sony Pictures "retained outside experts to conduct an investigation and forensic analysis," according to the statement. "In addition, we promptly took offline all potentially affected databases containing personally identifiable information and contacted the U.S. Federal Bureau of Investigation. We are working with the FBI to assist in the identification of those responsible for this crime."
Sony Pictures released a statement from Sony Pictures Chairman and CEO Michael Lynton and co-Chairman Amy Pascal confirming the attack on Friday.