U.S. student charged in Sony Pictures data breach
An Arizona college student was arrested and charged Thursday in a breach of computers at Sony Pictures Entertainment early this summer where more than 37,000 customers had their information stolen.
An indictment unsealed in Los Angeles charged Cody Kretsinger, 23, of Tempe, Ariz., with one count each of conspiracy and unauthorized impairment of a protected computer. If convicted of both counts, he faces up to 15 years in prison.
It wasn't immediately known if Kretsinger had retained an attorney.
Kretsinger appeared in a Phoenix federal courtroom Thursday afternoon where a judge restricted his travels to Arizona, California and Illinois, where he has family, before releasing him on his own recognizance.
Kretsinger was ordered to use his computer only for schoolwork and told to appear in Los Angeles federal court Oct. 11 for a post-indictment arraignment.
Authorities say Sony Pictures computers were compromised in late May and early June by a group known as Lulz Security, whose members anonymously claimed responsibility. The organization had bragged of accessing more than one million accounts, but Sony, whose offices are in Culver City, Calif., later said about 37,500 users had personally identifiable information stolen.
1st U.S. arrest of LulzSec member
Kretsinger is the first person arrested in the U.S. who is a current or former member of LulzSec, which has been linked to other hacking scandals involving various government and business entities across the world, authorities said.
Kretsinger, known by the moniker "recursion," grabbed confidential information from Sony and passed it along to other members of LulzSec, who posted the stolen material on its website, according to the indictment.
Additional charges may be forthcoming because the indictment notes Kretsinger was aided by other known and unknown co-conspirators. The investigation is ongoing, said FBI spokeswoman Laura Eimiller.
Parent company Sony Corp. has been dogged by personal data loss problems, including separate hacks that compromised the personal information of more than 100 million users earlier this year.