Sony Interactive Entertainment (SIE) has warned around 6,800 current and former employees that their personal data was accessed via a data breach, according to a letter seen by Bleeping Computer. The nature of the personal information stolen by hackers was redacted, but the company stated that a file transfer app called MOVEit was the source of the breach. It’s the second report of an attack on Sony’s operations within the last two weeks.
A ransomware group called CL0P claimed credit for the attack on May 28th, and MOVEit’s vendor Progress Software notified Sony about the vulnerability on May 31st “On June 2, 2023, [we] discovered the unauthorized downloads, immediately took the platform offline, and remediated the vulnerability,” Sony states in the letter to employees. “An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement.”
The hackers reportedly gained access to personally identifiable information about US employees, so Sony is providing credit monitoring services to those affected.
Sony was victim of another breach first reported last week. In that case, the hackers accessed servers in Japan used for internal testing for its Entertainment, Technology and Services business, pilfering 3.14GB of data. A threat actor called Ransomed.vc took credit for the attack, but that was denied by another group calling itself MajorNelson, which posted a sampling of files as proof. Sony said it was investigating the attack, adding “there has been no adverse impact on Sony’s operations.”
The company’s PlayStation network was attacked in 2011, and Sony Pictures was famously hacked in 2014, resulting in a massive leak of documents and content — including entire films.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.