American multinational mass media and entertainment titan Paramount Global has fallen victim to a significant data breach, resulting from a cyber attack that compromised their systems and granted unauthorized access to sensitive personally identifiable information (PII).
The breach was acknowledged by Paramount Global in breach notification letters, co-signed by Brian Keane, EVP of Nickelodeon Animation Studio, and dispatched to those affected by the breach.
According to the notification, personal information was suspected to have been impacted by the Paramount cyber attack between the months of May and June 2023.
The threat actors successfully breached Paramount’s security measures, gaining entry to their systems. The company confirmed that the cyber attack had a limited impact, affecting fewer than 100 individuals.
Although Paramount Global has disclosed the security incident, details regarding the identity of the perpetrators behind this cyber attack remain shrouded in mystery.
Details about the Paramount Cyber Attack
Screenshot of the company notice about the data breach
“We recently learned that, between May and June 2023, an unauthorized party accessed files from certain of our systems,” read their notice of data breach.
“Our investigation subsequently determined that the files contained some of your personal information,” Brian Keane, Executive Vice President, and Operations, at Paramount Global wrote in the notice.
The personal information that likely got stolen or accessed during the Paramount cyber attack were –

Date of birth
Social Security Number

The Paramount data breach notice speculated that government-issued identification numbers of individuals including driver’s license numbers and passport numbers were exposed to hackers between May and June this year.
While the company has been alerting impacted individuals about the compromise of their data during the Paramount cyber attack, it is not clear that the information was misused based on the status of the investigations so far.
Addressing the nature of data lost during the two-month-long Paramount security breach, Brian stated, “The types of affected personal information varied by individual.” It was also noted that the hackers accessed data about the specific individual’s relationship with Paramount.
Third-party cybersecurity experts conducted an investigation in coordination with law enforcement to conclude that unauthorized parties accessed files from certain systems containing personal information.
The impacted systems during the Paramount cyber attack have been secured. The notice announcing the Paramount security breach had contact details for identity protection and free credit monitoring, reporting security incidents due to the Paramount data breach, and specific hotlines for residents of New York among others.
“The personal information of less than 100 individuals may have been accessed by the unauthorized party and those individuals and the relevant authorities were notified,” a company spokesperson told by BleepingComputer. However, it was not disclosed whether those individuals were employees or Paramount subscribers.
The company further noted that the cyber attack on Paramount was not due to the exploitation of the vulnerability in the MOVEit file transfer service.
The MOVEit list of data breaches has led to the compromise of nearly 1,058 organizations worldwide.
Clop ransomware group claimed the MOVEit cyber attack and several others by gaining unauthorized access to their systems using the access gained through the file transfer service.
Over 60,639,863 individuals have been exposed to the ransomware group of which the operators have been naming and demanding a ransom with an initial deadline being June 14, 2023.
The time of the MOVEIt vulnerability exploitation and the Paramount data breach access coincides with both reporting unauthorized access in May 2023.
While Paramount caters to audiences across the globe and has over 4.3 billion subscribers, it remains to be seen if the traces of the data breach take investigators to the dark web marketplace selling the likely stolen information.
The website of the entertainment content giant was accessible at the time of writing. It serves over 180 countries.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.