The first wave of the Sony Pictures hack sounded bad enough, with employees reportedly sent home from work and major systems rendered inaccessible. Now, several online reports suggest the company has been the victim of highly sophisticated malware and a major data theft.

It was reported last week that desktops at the entertainment giant’s offices were covered with an image of a red skeleton and a message from the so-called “Guardians of Peace.” The group said it had stolen data files from the company and was making threats about releasing them unless certain unspecified demands were met.

According to CNBC, the Sony Pictures hack may be getting even worse. Several of the studio’s films, including “Annie” and “Fury,” have been released online without authorization, sparking a wave of online piracy before some of the movies have even hit theaters for the all-important holiday season.

Meanwhile, the FBI has sent out an advisory to businesses about malware that may be linked to the Sony Pictures hack, ZDNet said, although neither authorities nor the company have confirmed it. The FBI document is described as a detailed analysis that suggests the malware can compromise hardware and entire networks with apparent ease.

Sony is by no means taking this attack lying down. According to Reuters, FireEye’s Mandiant unit is conducting a forensic analysis and cleaning up affected systems. Target, which was subject to a major data theft earlier this year, is among Mandiant’s other clients.

When cyberattacks take place, the fallout can include sensitive customer information entering the public domain and financial losses. In this case, there may also be damage to the firm’s corporate reputation. For example, The Daily Mail in the United Kingdom parsed some of the documents that were leaked online to show that its highest-paid executives are almost all white men.

In the long run, however, this could be just the tip of the iceberg. Budget information, passwords and other files are among the 11,000 gigabytes lost in the Sony Pictures hack, Network World said. Even personal IDs, such as passports of A-list celebrities, may be at risk.

For the moment, the company may be focused on simply getting its operations back to normal. The Verge said email systems were still offline in the wake of the attack, while media accounts for some of its films were continuing to be abused over the Thanksgiving weekend, according to the Washington Post.