By Ronald Grover , Mark Hosenball and Jim Finkle
LOS ANGELES/WASHINGTON/BOSTON (Reuters) - Eight days after a massive cyber attack on Sony Pictures Entertainment, the Hollywood studio was still struggling to restore some systems on Tuesday evening as investigators combed for evidence to identify the culprit.
Some employees at the Sony Corp entertainment unit were given new computers to replace ones that had been attacked with the rare data-wiping virus, which had made their machines unable to operate, according to a person with knowledge of Sony's operations.
In a memo to staff seen by Reuters, studio co-chiefs Michael Lynton and Amy Pascal acknowledged that "a large amount of confidential Sony Pictures Entertainment data has been stolen by the cyber attackers, including personnel information and business documents."
They are "not yet sure of the full scope of information that the attackers have or might release," according to the memo first reported by Variety, and encouraged employees to take advantage of identity protection services being offered.
Their concern underscores the severity of the breach, which experts say is the first major attack on a U.S. company to use a highly destructive class of malicious software that is designed to make computer networks unable to operate.
Government investigators led by the FBI are considering multiple suspects in the attack, including North Korea, according to a U.S. national security official with knowledge of the investigation.
The FBI said Tuesday that it is working with its counterparts in Sony's home country of Japan in the investigation.
That comes after it warned U.S. businesses on Monday about hackers' use of malicious software and suggested ways to defend themselves. The warning said some of the software used by the hackers had been compiled in Korean, but it did not discuss any possible connection to North Korea.
SONY'S TROUBLES
The hack, which was launched Nov. 24, only affected computers with Microsoft Corp's Windows software, so Sony employees using Apple Inc Macs, including many in the marketing department, had not been affected, according to the person familiar with Sony's operations, who was not authorized to publicly discuss the attack.
Sony Pictures Entertainment shut down its internal computer network last week to prevent the data-wiping software from causing further damage, forcing employees to use paper and pen.
The studio has brought some systems back on line, focussing first on those from which the company generates revenues, including those involved with marketing and distributing its films and TV shows, according to the person.
The hack comes at a tough time for Sony, following soon after a denial-of-service attack on Sony's PlayStation Network in August. Sony was also victim of a notorious 2011 breach that compromised data of tens of millions of PlayStation Network users.
It also comes just as the company's CEO Kazuo Hirai is trying to grow the entertainment business to help offset losses in its mobile division.
He has been under pressure to prove the segment's growth potential after rejecting a proposal by U.S. hedge fund Third Point to spin it off last year.
FORENSIC INVESTIGATION
People claiming responsibility for this latest attack have posted high-quality digital copies of yet-to-be-released Sony films and what they claim are sensitive data about its operations and employees on Internet download sites, making them freely available to the public in a series of releases over the past five days.
Sony's holiday musical "Annie", which is due to be released Dec. 19 in the United States, was available for download on a popular piracy site on Tuesday evening.
Daniel Clemens, chief executive of cyber security firm PacketNinjas, said he has reviewed the files released to date and believes they were stolen from Sony.
He said he found business contracts as well as Social Security numbers, salary information and medical data about employees.
"This is a horrible compromise," Clemens said.
The U.S. national security official, who asked to remain anonymous, told Reuters on Tuesday that the forensic investigation is in its early stages, and that no clear suspects have emerged.
The technology news site Re/code reported Nov. 28 that Sony was investigating whether hackers working on behalf of the North Korean government were responsible for the attack as retribution for the company's backing of the film "The Interview."
The comedy, which is due to be released in the United States and Canada on Dec. 25, is about a CIA plot to assassinate North Korean leader Kim Jong Un. Pyongyang denounced the film as "an act of war" in a letter to U.N. Secretary-General Ban Ki-moon in June.
(Additional reporting by Lisa Richwine in Los Angeles; Editing by Mary Milliken, Lisa Shumaker and Rachel Armstrong)