U.S. authorities have arrested a second member of the hacking group known as LulzSec in connection with a cyber attack against Sony Pictures Entertainment that saw the leaking of thousands of emails, phone numbers, passwords and other personal details of people who had entered Sony contests.
Raynaldo Rivera, 20, of Tempe, Ariz., surrendered to the FBI in Phoenix on Tuesday, the law enforcement agency said in a press release.
Rivera was indicted by a federal grand jury in Los Angeles last week, and the indictment was unsealed Tuesday.
He is charged with conspiracy and the unauthorized impairment of a protected computer and could face up to 15 years in prison.
Rivera appeared before a federal magistrate in U.S. District Court in Phoenix Tuesday and will be back in a Los Angeles court on Sept. 14.
Another member of LulzSec, Cody Kretsinger, pleaded guilty in April to charges related to the attack and is to be sentenced on Oct. 25.
Offshoot of Anonymous
U.S. authorities accuse Rivera, who used the online monikers "neuron," "royal" and "wildicv," of belonging to a group of hackers known as LulzSec, or Lulz Security, whose tag line on its website at one point was "laughing at your security since 2011" and which in June 2011 hacked into the website of the U.S. Senate.
LulzSec is believed to be an offshoot of the international hacking collective Anonymous, which came to prominence in 2010 with a series of high-profile attacks against companies that boycotted the online activist group WikiLeaks after it released a series of classified U.S. diplomatic cables.
Several LulzSec members allegedly hacked into Sony's computer system in May and June 2011, using what is known as an SQL injection attack, which exploits vulnerabilities in the data-input processes of computer databases.
They posted confidential information obtained from Sony's computer systems onto the LulzSec website and Twitter account, the FBI said. In the wake of the attack, Sony said that as many as 37,500 of its customers who filled in personal details for promotions or sweepstakes may have been affected by the breach.
The breached databases did not include credit card information, but a separate cyberattack against Sony's PlayStation Network that took place just a few weeks earlier did potentially leak the credit card details of millions of PlayStation users.
That breach has not been attributed to any specific group.