Cummings Requests Information from Sony on North Korean Cyber Attack

Dec 23, 2014
Press Release


Washington, D.C. (Dec. 23, 2014)—Today, Rep. Elijah E. Cummings, Ranking Member of the House Committee on Oversight and Government Reform, sent a letter to the Chairman and CEO of Sony Pictures Entertainment requesting information about a devastating cyber attack in which hackers believed to be from North Korea stole soon-to-be-released films and the personal information of over 47,000 current and former employees, including their social security numbers and healthcare records.        

“The increasing number and sophistication of cyber attacks on both public and private entities pose a clear and present danger to our national security and highlight the urgent need for greater collaboration to improve data security,” wrote Cummings.  “Sony’s knowledge, information, and experience will be helpful as Congress examines federal cybersecurity laws and any necessary improvements to protect sensitive consumer and government financial information.”

Cummings cited reports that the size, scope, and scale of the hack into Sony’s systems “may be the most damaging cyberattack ever inflicted on an American business.”  Cummings wrote that this attack is even more notable because of the threats of violence that accompanied it, including emails from the hackers threatening violence against movie theaters that intended to show the film “The Interview.”

Cummings requested that Sony provide a description of all data breaches it has experienced over the past year; the number of current and former employees and customers potentially affected; findings from any forensic investigative analyses or reports concerning the breaches; data protection improvement measures taken since discovering the breaches; and any recommendations for improvements in cybersecurity laws.

Over the past year, Cummings has pressed repeatedly for enhanced oversight of cyber-security measures in the private and public sectors and has requested information and hearings on data breaches at retail companies, financial institutions, healthcare corporations, government contractors, and federal agencies.


113th Congress