Sony Pictures' security chief once thought data breaches weren't a big deal
Sony stands to lose a lot from the massive hack that continues to leak tons of documents and data — passwords, full-length films and the social security numbers of 47,000 people, including celebrities — to the public, experts say.
The company has remained mostly mum about the hack, but as Fusion points out, some of Sony Pictures' history could shed light on the fact that data security wasn't always a major concern up top.
In 2007, Sony's executive director of information security said in an interview with CIO that he wasn't willing to put up a lot of money to defend the company's sensitive information. He also talked about how he convinced a security auditor, a year before in 2006, that the company's use of very weak passwords wasn't such a big deal.
"It's a valid business decision to accept the risk," said Jason Spaltro, who is now Sony Pictures' senior vice president of information security, in the interview. "I will not invest $10 million to avoid a possible $1 million loss."
The loss Sony has endured following the mysterious "Guardians of the Peace" hack is probably much, much more substantial than $1 million, however.
"I have no idea how to value the dollar cost of losing control of employee Social Security Numbers, highly confidential company documents, and of course the reputation damage from being victimized like this," Tod Beardsley, engineering manager at security firm Rapid7, told Mashable in an email.
Beardsley said he didn't want to victim-blame Sony, and that the security landscape has changed a lot since 2007. But Adrian Sanabria, a security expert with 451 Research, said companies typically have to endure a breach before they begin taking information security seriously. Even though some companies get put out of business by hacks, "there will still be that head of InfoSec bragging that he convinced auditors that terrible passwords are okay."
"If it were possible to spend 10 million 2007 dollars to prevent this incident, that would have been a serious bargain."
Sanabria told Mashable it will be the lawsuits that will be the big deal. Top-billed film stars, movie theaters, retail chains and streaming services all stand to lose out on something if people download Annie and Fury, he said.
"So many files have been leaked that this is really just the tip of the tip of the iceberg," he said.
Sony's Spaltro has a salary that tops $300,000 this year, Fusion notes. It will break $400,000 if he gets his bonus.