ViacomCBS Parent Company Suffers Major Cyber Attack, 82K People Affected
National Amusements, the media and entertainment conglomerate that owns cinema chain ViacomCBS, has confirmed it was the victim of a data breach that exposed the personal information of over 82,128 people.
In a legally required filing with Maine's attorney general made public this week, National Amusements disclosed that hackers breached its systems in December 2022 and stole a significant amount of sensitive personal data.
The stolen information included names, addresses, Social Security numbers, financial information such as bank account and credit card numbers, and other personal data of victims. While the notice did not specify who was impacted, it was submitted by the company's human resources Senior Vice President, indicating employees were likely affected.
National Amusements discovered the breach in August 2023, 8 months after it occurred. The company has not provided details on how the attackers gained access to its systems or what kind of cyberattack was carried out. It also remains unclear if customer data was compromised in the breach or if it was limited to employee information.
The company has not yet commented on the breach.
"On or about December 15, 2022, National Amusements became aware of suspicious activity in our computer network. We immediately took steps to secure our network and minimize any disruption to our operations. We launched an investigation into the nature and scope of the event with the assistance of industry leading cybersecurity specialists. Through this investigation, we learned that an unauthorized individual accessed our network between December 13, 2022 and December 15, 2022, and that files containing individuals information may have been viewed and/or taken by the unauthorized individual. After the investigation was complete, we undertook a detailed review of the data, with the assistance of third-party specialists, to determine what information was impacted and to whom it related. We recently completed this review."
The types of data involved in this breach may cause an elevated risk of identity theft and financial fraud. It is advised that impacted individuals immediately enable credit monitoring, place fraud alerts on their credit files, and review account statements for any suspicious activity.
In August 2022, Paramount disclosed it experienced a separate cyber incident that compromised customer data.
"We recently learned that, between May and June 2023, an unauthorized party accessed files from certain of our systems. Our investigation subsequently determined that the files contained some of your personal information." - Paramount data breach notice reads.
"Based on our investigation, the personal information may have included your name, date of birth, Social Security number or other government-issued identification number (such as driver’s license number or passport number) and information related to your relationship with Paramount. The types of affected personal information varied by individual."
The hackers stole Paramount customer names and dates of birth, as well as Social Security numbers or other government-issued identification numbers, according to the notice.