The firm was forced to shut down its entire computer network on 25 November 2014 after a cyber attack by a group of hackers identifying themselves only as #GOP, or Guardians of Peace.
Data released online showed that the attackers accessed a wide variety of data, including a list of employee salaries and bonuses; social security numbers and dates of birth; employee performance reviews; criminal background checks and termination records; correspondence about employee medical conditions; passport and visa information for film actors and crew; internal emails; and unreleased films.
The attack also resulted in the destruction of about three-quarters of the computers and servers at the firm’s main operations, according to a weekend report in the New York Times.
Read more about data breaches
- Rich Mogull's Data Breach Triangle: Rethinking data breach prevention
- US State Department bolsters email security after suspected breach
- Spotify warns of data breach
- JP Morgan breach affects 7 million small businesses
- Home Depot under fire for data breach notification
- US military logistics arm breached by China-linked hackers
- Breach response plan is a must for enterprise security
- Best practices for security data breach reporting
- Finance and retail applications most vulnerable to breaches
- Courier firm UPS warns of potential data breach
- Staples breach update: Cyber insurance may cover retailer's costs
- US supermarket retail chain Supervalu reports cyber breach
- Most businesses do not understand risks of data breaches, study finds
- Home Depot security breach: Losses include 53 million email addresses
- UK micro businesses unprepared for data breaches, study shows
Responding to the US sanctions, a North Korean foreign ministry spokesman denied any role in the cyber attack and accused the US of "groundlessly" stirring up hostility towards Pyongyang, reported ABC online.
North Korea has repeatedly denied involvement in the cyber attack and has called for a joint investigation, but the proposal has been ignored by the US.
The White House said the sanctions were in response to the cyber attack, which came in the wake of Sony's film The Interview which concerns a plot to assassinate North Korean leader Kim Jong Un.
US president Barack Obama authorised fresh sanctions on three North Korean organisations and 10 government officials, although the US has offered no public evidence linking North Korea to the attack.
But the White House said independent experts do not have access to the same classified information as the FBI.
Pyongyang said the new sanctions imposed over the weekend would further push North Korea to strengthen its military-first policy, known as Songgun.
Political observers say the fresh sanctions are largely symbolic, as North Korea is already deeply isolated over its nuclear ambitions.
Cyber security experts have noted that it is often extremely difficult to say with any certainty who is responsible for cyber attacks or even where the attacks originate.
Although Pyongyang has strongly criticised The Interview, some security experts say the attack does not bear the hallmarks of cyber attacks backed by a nation state.
They say it was more likely to be the work of sympathisers, hacktivists or disgruntled company insiders, especially as the attackers criticised Sony’s poor data security and posted stolen data to Pastebin.
The cyber attack led to Sony withdrawing The Interview from its planned release, but it is now available for download and is showing at some cinemas, according to the BBC.
The controversial film reportedly made about $15m through downloads alone over its first three days of distribution.