The latest data breach sweeping headlines is a reminder that being an enterprise organisation with a global presence doesn’t guarantee your cyber-security. For HBO, quite the opposite appears to be true with its flagship series, Game of Thrones, being specifically targeted by savvy hackers looking for a ransom.
The hack, which was first reported at the end of July, has not been claimed but has seen hackers make contact with HBO in an attempt to secure a ransom equivalent to ‘six months’ salary’, reportedly a figure between $6 million and $8 million. It has not been publicised how hackers managed to secure 1.5 Terabytes of data from HBO’s network but with digital autopsies currently taking place, it is likely HBO will know soon enough. Despite this, HBO Chairman and CEO Richard Plepler, has released statements expressing confidence that hackers have no access to email systems, despite hackers later releasing hundreds of emails between various staff, including internal writers for the show.
It is unknown what data hackers now hold and what they will leak, having promised to continue leaking content. The most ‘valuable’ piece of data that has been released thus far is mock-scripts for episodes that have since aired, they have not as of yet leaked any video footage from the show. For HBO and Game of Thrones, there has been no secret about the attempts to keep plot lines and show secrets exactly that, secret. Having been one of the most-streamed shows (illegally) of all time, HBO have fought an uphill battle to try and keep content offline, this however is the first time the company has been the victim of a cyber-attack.
Pay up or pay
Developments in this latest hacking threat have seen leaked emails allegedly showing an HBO official offering the hacker a ‘bounty’ payment of $250,000 for bringing security flaws to their attention. This payment is a long way short of the “six months’ salary”, equal to around $6 million, however it remains to be seen if it will be enough to stave off hackers determined to leak content and vital spoilers to eagerly waiting fans.
At this point in time, HBO are faced with a decision, pay up or pay the consequences. They are currently working with external parties and law enforcement to ascertain the scale of the attack, but there is no real way of knowing what data hackers have or could release. This is not the first targeted attack on such a company, with Netflix and Sony famously falling victim to attacks of their own.
- In April 2017, Netflix were victim of a cyber-attack which saw hackers leak the upcoming series of Orange is the New Black.
- The Sony hack of 2014 saw an alleged 100 Terabytes of data stolen, the fall out due to confidential emails being leaked following the hack had a severe effect on the company’s reputation.
With schools, hospitals and charities all also being hit by cyber-attacks, predominantly ransomware and other malware attacks, hackers have been able to exploit weak systems for bumper paydays, some reportedly up to $1 million.
A step up in security
With such a high-profile breach of security having taken place, Game of Thrones faced no choice but to step up security protocols, even before this hack. It is reported that on-set staff, writers and actors were all told to enable two-factor authentication on email accounts and the number of staff with access to scripts was cut. Further to this, actors were only given digital copies of scripts, were not allowed to print them and had to sign in/out any notes they made during rehearsals.
The increasing focus on cyber-security across the globe comes at a time where the legislation around data protection is also making headlines. With the General Data Protection Regulation (GDPR) set to take effect in May, the processes organisations take to protect their data will be under scrutiny. The GDPR will affect any organisation that holds data on any European citizen and will require organisations to ensure ‘technical and organisational measures’ have been taken to protect data and prevent data breaches.
It is reported that hackers gained access to personal addresses and contact details for some of Game of Thrones top stars. Under the GDPR, HBO could have been liable for a €10 million fine had they not reported the breach within 72 hours. This could have been paired with a further fine of up to €20 million for the breach itself.