Paramount Global, the American multinational mass media and entertainment titan, has recently experienced a major data breach, resulting from a cyber attack. The breach compromised their systems and allowed unauthorized access to sensitive personally identifiable information (PII). Paramount Global has acknowledged the breach and sent breach notification letters to those affected.
The breach, which took place between May and June 2023, occurred when threat actors successfully breached Paramount’s security measures, gaining entry to their systems. However, the company has stated that the impact of the attack was limited, affecting fewer than 100 individuals. Despite Paramount Global disclosing the security incident, the identity of the perpetrators behind the cyber attack remains unknown.
According to Paramount’s breach notification, personal information such as names, dates of birth, and Social Security numbers may have been impacted by the cyber attack. Additionally, government-issued identification numbers, including driver’s license numbers and passport numbers, may have also been exposed to hackers during this time period. It is unclear whether this information has been misused at this point in the investigation.
Brian Keane, the Executive Vice President and Operations at Paramount Global, stated that the types of personal information affected varied by individual. The hackers also accessed data related to the specific individual’s relationship with Paramount. Third-party cybersecurity experts, in collaboration with law enforcement, conducted an investigation into the breach and have since secured the impacted systems.
In response to the breach, Paramount Global provided contact details for identity protection and free credit monitoring. They also established specific hotlines for residents of New York and other affected individuals. A company spokesperson confirmed that less than 100 individuals were impacted by the breach, but it was not disclosed whether these individuals were employees or subscribers.
It is important to note that the cyber attack on Paramount Global was not a result of the exploitation of the vulnerability in the MOVEit file transfer service. The MOVEit list of data breaches has affected approximately 1,058 organizations worldwide. The Clop ransomware group claimed responsibility for the MOVEit cyber attack, as well as several others, by gaining unauthorized access to systems using the compromised file transfer service.
Coincidentally, the time of the MOVEit vulnerability exploitation aligns with the unauthorized access reported in May 2023 during the Paramount data breach. While Paramount has a global audience with over 4.3 billion subscribers and operates in over 180 countries, it is unclear whether the stolen information will surface on the dark web marketplace.
At the time of writing, Paramount’s website was still accessible, allowing users to access their entertainment content. However, the investigation into the data breach is ongoing, and it remains to be seen if any traces will lead investigators to the dark web marketplace where the stolen information may be sold.
Please note that this report is based on internal and external research and should be used for reference purposes only. The Cyber Express cannot be held liable for the accuracy or consequences of using this information.