After delay, Sony warns workers about leaked data

Fallout from the massive Sony data breach is widening, as Sony Pictures Entertainment is warning current and former employees about fraudsters who might be prowling the Internet to take advantage of leaked personal information.

Sony has acknowledged a large amount of data was stolen by hackers last month in a massive cyberattack. Leaked information included everything from film project details to individual employees' personal data including financial account details, health-care information and social security numbers that can't be easily replaced.

Sony is investigating the attack and has said the company will offer employees identity theft protection services, according to Reuters.

Earlier Tuesday, two people who described themselves as former Sony employees have accused Sony Pictures of failing to protect employee data in a class action suit, according to Reuters.

Pedestrians walk past Sony Pictures Studios in Los Angeles, Dec. 4, 2014.
Frederic J. Brown | AFP | Getty Images
Pedestrians walk past Sony Pictures Studios in Los Angeles, Dec. 4, 2014.
"I am incredibly sorry that you had to go through this." -Michael Lynton, Sony Pictures Entertainment CEO

On Monday, Sony Pictures Entertainment CEO Michael Lynton addressed studio employees on the Culver City, Ca. lot. "What has occurred at Sony is a systematic criminal attack on our staff and business," said Lynton, according to The Hollywood Reporter. "I am incredibly sorry that you had to go through this."

Representatives from the FBI did not speak at the town hall meetings, although they are known to be on the lot, along with representatives from cybersecurity firm Mandiant, according to The Hollywood Reporter.

Lynton was flanked by Sony Pictures executive Amy Pascal, whose email exchange with producer Scott Rudin about a Steve Jobs biopic was part of the data breach. Rudin is the man behind projects including "Moneyball" and "The Social Network." The duo were working together on the Jobs film, written by Aaron Sorkin, until the studio pulled out last month. The emails have been reported by various news outlets.

As the Sony hacking mess morphs and shifts, the studio is fighting back. David Boies, a prominent lawyer hired by Sony, sent letters to media outlets and demanded they delete "stolen information."

Sony against the world
Sony takes on media   

The leaked data includes salary discrepancies between male and female actors and studio executives.

Read MoreNew James Bond film could be most expensive, Sony hack reveals

"What we have is a conundrum," entertainment attorney Darryl Cohen recently told CNBC. "We have emails with the expectations of privacy. We have the news organizations receiving this, they didn't reach out to get it, they didn't go after it. But it came to them," Cohen said.

Other stolen data included yet-to-be released films including Annie, and a draft script of the upcoming James Bond film Spectre.

Focus on North Korea

This image released by Columbia Pictures shows James Franco, left, and Seth Rogen in "The Interview."
Ed Araquel | Columbia Pictures | AP
This image released by Columbia Pictures shows James Franco, left, and Seth Rogen in "The Interview."

For now it remains unclear whose responsible for the cyberattack. Suspicion has fallen on North Korea, which has denied responsibility.

The cyberattack comes before Sony Pictures is scheduled to release "The Interview" in the U.S. later this month. The comedy is about two tabloid journalists who secure an interview with North Korean leader Kim Jong Un. The CIA, in turn, tasks the duo with assassinating Kim.

While North Korea's computer network and digital data infrastructure are behind compared to wealthier industrialized nations, North Korea has ramped up cyber capabilities in recent years.

Read More Inside North Korea's elite cyberwarfare unit

Previous attacks and malware attributed to North Korean origins are not sophisticated and recycle tactics, techniques and procedures—a collective cyber strategy referred to as "TTPs," said Ted Ross, security research director for enterprise security products at Hewlett-Packard.

"It is possible that an entity unaffiliated with the regime but familiar with North Korean threat actor TTPs fabricated the attack in such a way as to make it appear to be of North Korean origin, in order to evade suspicion," said Ross in an email to CNBC.com.

See the full Reuters story here. Read The Hollywood Reporter story here.