Sony Interactive Entertainment has reached out to around 6,800 current and former company employees to confirm their personal details were included in a recent data breach, initiated by a ransomware group known as CL0P. These details were reportedly stolen via a vulnerability in MOVEit, a file transfer system used within Sony.
While this vulnerability had been spotted and fixed in May 2023, it’s believed the ransomware group was able to get in three days earlier, downloading the personal information of a range of US-based Sony employees. No other data is believed to have been stolen – although notably, this is not the only reported ransomware attack that the company has faced recently.
In September 2023, the company confirmed it was looking into another alleged ransomware attack, initiated by a group known as Ransomed.vc. Around 6,000 unknown items were reportedly stolen as part of this hack; however, Sony has yet to confirm the extent of this separate incursion.
For now, only the investigation into the May 2023 hack has been completed, with Sony now stating the issue has been fixed. In response, it has provided impacted staff with access to free credit monitoring and identity protection services.
“On June 2, 2023, SIE discovered the unauthorised downloads, immediately took the platform offline and remediated the vulnerability,” Sony said, in a message sent to employees. “An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement. Once SIE identified the downloaded files, we began a process to determine what types of personal information were affected and to whom it relates. While we worked quickly, this was a time-consuming process, and we wanted to provide you accurate information.”
With this data breach now plugged, Sony will likely turn its attention to the more recent incursion, which is currently under investigation with forensic experts. Per VGC, Sony does not believe that customer or business partner data has been impacted, as the breach appears to have occurred only in a single server location in Japan used for internal testing.