Sony confirms it was recent hacked, affecting around 7000 Sony employees, all caused by a zero-day vulnerability. Learn more about what Sony was doing to protect its employees' data and other cybersecurity breaches Sony has encountered.
Sony Confirms Data Breach
Approximately 7000 Employees Affected
Sony Interactive Entertainment has acknowledged that it suffered a severe data breach that has affected over 7,000 current and past employees and their family members. The incident was caused by unauthorized access using a zero-day vulnerability in the company's MOVEit Transfer platform. The hackers downloaded the files from this platform, and the files contained personal information of the employees.
Sony acted quickly after detecting the intrusion on June 2, 2023. The impacted platform was taken offline immediately, and actions were taken to fix the issue. The company started a thorough investigation with the aid of outside cybersecurity professionals. The event was also reported to law enforcement agencies.
Fortunately, Sony has made it clear that the compromise was limited to the particular platform in question and had no effect on any other systems within the company.
Sony's Course of Action
According to a formal letter from Sony to the affected employees, On June 2, 2023, SIE discovered the unauthorized downloads, immediately took the platform offline, and remediated the vulnerability. An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement.
Along with quickly patching the vulnerability, Sony has increased system monitoring and put extra safeguards in place to lessen the danger of future similar cyber events.
Sony is also offering free credit monitoring and identity restoration services to individuals affected due to the severity of the situation. Those affected are advised to watch out for any indications of fraud or identity theft.
More Cybersecurity Breach
The ransomware gang CL0P, which announced of its access to the data of Sony employees in late June, has been blamed for the attack. A trustworthy source in the cybersecurity community, FalconFeedsio, stated that Sony had been added to CL0P's list of victims suffering from this same vulnerability.
This incident comes before a cyber attack against Sony last month when a different ransomware group under the name of RansomVC threatened to sell some 6,000 files containing necessary information. The file they released to the public seems to have been a dud.
While Sony works tirelessly to correct this compromise and strengthen its cybersecurity procedures, affected individuals are advised to remain watchful and take advantage of its support services.
Sources:
Sony's Sample Letter to Employee
