iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Children’s television channel Nickelodeon has confirmed that it suffered a data breach after hackers claimed to have stolen half a terabyte of data.
Word of an apparent breach of the Paramount-owned pay TV channel’s animation department appeared online last month, with proof quickly following.
Before long, 500 gigabytes of data supposedly from the breach was spreading around social media, containing media files and documents.
Reports said the data was initially leaked on a private Discord server, which led to them being reposted online.
Despite the breach apparently occurring in January, with Nickelodeon securing its systems again two months later in March, the data appears to be from decades ago. A spokesperson for Nickelodeon speaking with BleepingComputer, the channel is currently investigating the incident.
“We are aware of social media posts that alleged production-related files were made available without authorisation, and we are investigating,” the spokesperson said.
In addition, Nickelodeon said that the data pertained to media files and documents relating to intellectual property and production files and that user and employee data remain secure.
“The alleged leaked content appears related to production files only, not long-form content or employee or user data, and some of it appears to be decades old,” it said.
Nickelodeon’s investigation and the age of the leaked content have suggested that the data came from an older breach of their systems. However, due to the size of the leak, analysis of the files and identification of more recent data will take time.
While in the case of the Nickelodeon breach, the fact the data is decades old isn’t a legal issue, data retention presents a major issue for companies that hold sensitive data of past and current customers.
The recent Latitude data breach presented a perfect example of the need for organisations to delete unnecessary data, with several of the affected individuals having been customers of GE Money, the predecessor to Latitude Financial.
In Australia, no data retention period has been established under the Privacy Act. However, law firm Lander & Rogers said there are other measures in place to ensure that organisations follow the correct procedures in the management of old data.
“[Australian Privacy Principle 11] provides that an APP entity must take reasonable steps to destroy or de-identify the personal information it holds once it [is] no longer needed for the purpose for which the personal information may be used or disclosed under the APPs,” it said.
Be the first to hear the latest developments in the cyber industry.
